[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#840379: jessie-pu: package bash/4.3-11+deb8u1

Control: tags -1 + confirmed

On Tue, 2016-10-11 at 07:02 +0200, Salvatore Bonaccorso wrote:
> bash in Stable is affected by
> CVE-2016-0634: Arbitrary code execution via malicious hostname
> and
> CVE-2016-7543: Specially crafted SHELLOPTS+PS4 variables allows
> command substitution
> which both are considered no-dsa (actually the first one unimportant,
> thus it's not tagged no-dsa in the security tracker). I have prepared
> an update for bash picking the two upstream patches for th 4.3 branch.

Please go ahead.



Reply to: