Bug#840379: jessie-pu: package bash/4.3-11+deb8u1

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: 840379@bugs.debian.org
Subject: Bug#840379: jessie-pu: package bash/4.3-11+deb8u1
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 1 Nov 2016 06:25:28 +0100
Message-id: <[🔎] 20161101052528.GA19151@lorien.valinor.li>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 840379@bugs.debian.org
In-reply-to: <1477948655.2078.5.camel@adam-barratt.org.uk>
References: <147616215955.16880.11621560027419433970.reportbug@lorien.valinor.li> <1477948655.2078.5.camel@adam-barratt.org.uk>

Hi Adam,

On Mon, Oct 31, 2016 at 09:17:35PM +0000, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Tue, 2016-10-11 at 07:02 +0200, Salvatore Bonaccorso wrote:
> > bash in Stable is affected by
> > 
> > CVE-2016-0634: Arbitrary code execution via malicious hostname
> > 
> > and
> > 
> > CVE-2016-7543: Specially crafted SHELLOPTS+PS4 variables allows
> > command substitution
> > 
> > which both are considered no-dsa (actually the first one unimportant,
> > thus it's not tagged no-dsa in the security tracker). I have prepared
> > an update for bash picking the two upstream patches for th 4.3 branch.
> 
> Please go ahead.

Thanks a lot, uploaded.

Regards,
Salvatore

Reply to:

Follow-Ups:
- Bug#840379: jessie-pu: package bash/4.3-11+deb8u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Please dak copy-installer 20161031
Next by Date: Bug#842459: marked as done (nmu: zlib_1:1.2.8.dfsg-2)
Previous by thread: Please dak copy-installer 20161031
Next by thread: Bug#840379: jessie-pu: package bash/4.3-11+deb8u1
Index(es):
- Date
- Thread