Re: Shellshock: Has CVE-2014-7186 and CVE-2014-7187 been addressed for debian

[Joe <joe@jretrading.com>]

On Sat, 27 Sep 2014 20:29:12 +0200
Martin Holub <lumpi@fileserver.v6.amspitz.at> wrote:

> Hi,
> 
> Please according to the Security Tracker [1,2] booth are fixed in
> stable and oldstable.
> 

And unstable, I don't have a testing installation, but I'd have thought
that should also be done by now.
> 
> [1] https://security-tracker.debian.org/tracker/CVE-2014-7186
> [2] https://security-tracker.debian.org/tracker/CVE-2014-7187
> 
> On 27/09/14 20:18, john wrote:
> > Hello,
> >
> > I was wondering if CVE-2014-7186 and CVE-2014-7187 been addressed
> > yet for Debian. I note that Ubuntu pushed another patch addressing
> > these earlier today.
> >

The first patch for this problem didn't fix it completely, so there
were two. Updating now should certainly solve the problem.

Here's a couple of tests, and the results expected after neither, the
first, and the second patches:

https://access.redhat.com/articles/1200223

-- 
Joe