[Secure-testing-commits] r29290 - data/CVE

Mon, 06 Oct 2014 04:35:03 -0700 

Author: carnil
Date: 2014-10-06 11:34:19 +0000 (Mon, 06 Oct 2014)
New Revision: 29290

Modified:
   data/CVE/list
Log:
Adjust note for bash issues are issues are disclosed now

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2014-10-06 10:14:28 UTC (rev 29289)
+++ data/CVE/list       2014-10-06 11:34:19 UTC (rev 29290)
@@ -3375,22 +3375,18 @@
        - bash 4.3-9.2 (high)
        [wheezy] - bash 4.2+dfsg-0.1+deb7u3 (high)
        [squeeze] - bash 4.1-3+deb6u2 (high)
-       NOTE: The underlying parser flaw has not yet been disclosed and might
-       NOTE: still exist in latest released bash packages. However Florian
-       NOTE: Weimer's variables-affix.patch patch applied in Debian prevents
-       NOTE: exploitation of this issue by making bash only use environment
-       NOTE: variables with specific names (BASH_FUNC_*()) to define functions
-       NOTE: from its environment.
+       NOTE: Florian Weimer's variables-affix.patch patch applied in Debian 
prevents
+       NOTE: exploitation of this issue by making bash only use environment 
variables
+       NOTE: with specific names (BASH_FUNC_*()) to define functions from its
+       NOTE: environment.
 CVE-2014-6277 (GNU Bash through 4.3 bash43-026 does not properly parse 
function ...)
        - bash 4.3-9.2
        [wheezy] - bash 4.2+dfsg-0.1+deb7u3
        [squeeze] - bash 4.1-3+deb6u2
-       NOTE: The underlying parser flaw has not yet been disclosed and might
-       NOTE: still exist in latest released bash packages. However Florian
-       NOTE: Weimer's variables-affix.patch patch applied in Debian prevents
-       NOTE: exploitation of this issue by making bash only use environment
-       NOTE: variables with specific names (BASH_FUNC_*()) to define functions
-       NOTE: from its environment.
+       NOTE: Florian Weimer's variables-affix.patch patch applied in Debian 
prevents
+       NOTE: exploitation of this issue by making bash only use environment 
variables
+       NOTE: with specific names (BASH_FUNC_*()) to define functions from its
+       NOTE: environment.
 CVE-2014-6276
        RESERVED
 CVE-2014-6275


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to