Bug#840379: jessie-pu: package bash/4.3-11+deb8u1
Control: tags -1 + pending
On Tue, 2016-11-01 at 06:25 +0100, Salvatore Bonaccorso wrote:
> Hi Adam,
>
> On Mon, Oct 31, 2016 at 09:17:35PM +0000, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> >
> > On Tue, 2016-10-11 at 07:02 +0200, Salvatore Bonaccorso wrote:
> > > bash in Stable is affected by
> > >
> > > CVE-2016-0634: Arbitrary code execution via malicious hostname
> > >
> > > and
> > >
> > > CVE-2016-7543: Specially crafted SHELLOPTS+PS4 variables allows
> > > command substitution
> > >
> > > which both are considered no-dsa (actually the first one unimportant,
> > > thus it's not tagged no-dsa in the security tracker). I have prepared
> > > an update for bash picking the two upstream patches for th 4.3 branch.
> >
> > Please go ahead.
>
> Thanks a lot, uploaded.
Flagged for acceptance; thanks.
Regards,
Adam
Reply to: