Re: bash vulnerability jessie
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 09/26/2014 at 02:56 PM, Harry Putnam wrote:
> The Wanderer <wanderer@fastmail.fm> writes:
>
>> On 09/26/2014 at 11:56 AM, Harry Putnam wrote:
>>> I did ssh to my user from the same shell I ran aptitude in to
>>> make sure I had a new login... but I still see `Vulnerable' in
>>> answer to the string above.
>>
>> With what version of bash?
>
>> I just upgraded to 4.3-9.1, from current testing, which includes
>> the existing partial fix (a more complete one is apparently now
>> in sid). I retested with the same test command you listed, as
>> well as with what I'd seen the failyure on before, and it now
>> shows as non-vulnerable.
>
> [...]
>
> I appear to have left out the fact that I'm talking about
> `jessie'. Sorry, a foolish slip... I usually do include that info.
>
> I may be a simpleton but I assumed anyone freshly `full-upgraded'
> with jessie would have the same version.
>
> Apparently not... here, after a full-upgrade of jessie about 2 hrs
> ago at a litte before noon or so Eastern standard (US) time I see:
>
> bash --version GNU bash, version 4.3.24(1)-release
> (i586-pc-linux-gnu)
I have (trimmed for brevity):
========
$ apt-cache policy bash
bash:
Installed: 4.3-9.1
$ bash --version
GNU bash, version 4.3.25(1)-release (x86_64-pc-linux-gnu)
========
This is as of just over 3 hours ago as I type this.
- --
The Wanderer
The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJUJblRAAoJEASpNY00KDJr0IAP/0/r/cbmi9VbKZjIb1FELohk
yYqlGdKI01BFWLdlIl/+pfShgCxTt20rFpmptwdWhXCg4YZhyWDCCX7yVGgdWdSS
lQAYPu7xpq2v6w/rTptaH235OCs/YrYr4ESjRoWT3w+YkcK/Z4h50Yaf9uFWW0LW
2Hb0uIUNdPXxmcIpucQAr5/wrTsgSeU0T52NyomOALxzGzcwFFLcsZRdATRLFnjC
2SHaCj3Gab2kvfvWpNHKiHID8PSamxEC2QtQs/BS15Rpcbj4Q6xHN0nKDUDEnEWW
j/PX3Ri2FmQgaHf6tf0OtdLT4kk0keot1uJTB/ACzZSrSIC0n+27NoJvaKxC9yT4
kB1nrpBXlmbf5WLrgNJMfkuOXsN4TsVZY0N8MNYdvTiaSGgAkKv27yNFcJrRqFKi
4kdS1btJrBhITiZzt6oPpca8Lfx6bG3B1wvJiFD+SbMAGj/jx2yRbxztDqALqLGM
KGn8ovH+5yceBNhEU+0Q8K/rWbafTqGBCn1iGhfwuK83buAf7rB0yPI9RvH9yjJy
sptMuqHnjO8x0u2Uc+7zM8ULbSdvgFUA9j+72rc6YBjsWLUNpKQREEHduaSHukh8
Qimilcy6hXVlKy0OFjaZg/AARsNGmJJu6uLjFLqt33Ed40+5jAKptuMxig5qeXiS
zTxjxeYNrVOv/OjXqwrZ
=3ile
-----END PGP SIGNATURE-----
Reply to: