Bug#840379: jessie-pu: package bash/4.3-11+deb8u1

To: Salvatore Bonaccorso <carnil@debian.org>, 840379@bugs.debian.org
Subject: Bug#840379: jessie-pu: package bash/4.3-11+deb8u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Mon, 31 Oct 2016 21:17:35 +0000
Message-id: <[🔎] 1477948655.2078.5.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 840379@bugs.debian.org
In-reply-to: <[🔎] 147616215955.16880.11621560027419433970.reportbug@lorien.valinor.li>
References: <[🔎] 147616215955.16880.11621560027419433970.reportbug@lorien.valinor.li>

Control: tags -1 + confirmed

On Tue, 2016-10-11 at 07:02 +0200, Salvatore Bonaccorso wrote:
> bash in Stable is affected by
> 
> CVE-2016-0634: Arbitrary code execution via malicious hostname
> 
> and
> 
> CVE-2016-7543: Specially crafted SHELLOPTS+PS4 variables allows
> command substitution
> 
> which both are considered no-dsa (actually the first one unimportant,
> thus it's not tagged no-dsa in the security tracker). I have prepared
> an update for bash picking the two upstream patches for th 4.3 branch.

Please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#840379: jessie-pu: package bash/4.3-11+deb8u1
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Processed: Re: [gcc-6] Fails to compile OpenWrt/LEDE prereq-build
Next by Date: Processed: Re: Bug#840379: jessie-pu: package bash/4.3-11+deb8u1
Previous by thread: Bug#840379: jessie-pu: package bash/4.3-11+deb8u1
Next by thread: Processed: Re: Bug#840379: jessie-pu: package bash/4.3-11+deb8u1
Index(es):
- Date
- Thread