CVE-2019-9924 Thanks
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9924 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1803441 Title: BASH_CMDS is writable in restricted bash shells (fixed upstream, need to backport patch) Status in bash package in Ubuntu: New Bug description: In 14.04 LTS, the BASH_CMDS variable is writable in rbash. This allows a trivial escape from rbash to run arbitrary shell commands. This issue is fixed upstream: http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=bash-4.4-testing#n65 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
