Author: carnil Date: 2014-10-06 11:34:19 +0000 (Mon, 06 Oct 2014) New Revision: 29290
Modified: data/CVE/list Log: Adjust note for bash issues are issues are disclosed now Modified: data/CVE/list =================================================================== --- data/CVE/list 2014-10-06 10:14:28 UTC (rev 29289) +++ data/CVE/list 2014-10-06 11:34:19 UTC (rev 29290) @@ -3375,22 +3375,18 @@ - bash 4.3-9.2 (high) [wheezy] - bash 4.2+dfsg-0.1+deb7u3 (high) [squeeze] - bash 4.1-3+deb6u2 (high) - NOTE: The underlying parser flaw has not yet been disclosed and might - NOTE: still exist in latest released bash packages. However Florian - NOTE: Weimer's variables-affix.patch patch applied in Debian prevents - NOTE: exploitation of this issue by making bash only use environment - NOTE: variables with specific names (BASH_FUNC_*()) to define functions - NOTE: from its environment. + NOTE: Florian Weimer's variables-affix.patch patch applied in Debian prevents + NOTE: exploitation of this issue by making bash only use environment variables + NOTE: with specific names (BASH_FUNC_*()) to define functions from its + NOTE: environment. CVE-2014-6277 (GNU Bash through 4.3 bash43-026 does not properly parse function ...) - bash 4.3-9.2 [wheezy] - bash 4.2+dfsg-0.1+deb7u3 [squeeze] - bash 4.1-3+deb6u2 - NOTE: The underlying parser flaw has not yet been disclosed and might - NOTE: still exist in latest released bash packages. However Florian - NOTE: Weimer's variables-affix.patch patch applied in Debian prevents - NOTE: exploitation of this issue by making bash only use environment - NOTE: variables with specific names (BASH_FUNC_*()) to define functions - NOTE: from its environment. + NOTE: Florian Weimer's variables-affix.patch patch applied in Debian prevents + NOTE: exploitation of this issue by making bash only use environment variables + NOTE: with specific names (BASH_FUNC_*()) to define functions from its + NOTE: environment. CVE-2014-6276 RESERVED CVE-2014-6275 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits