Re: bash vulnerability jessie

To: debian-user@lists.debian.org
Subject: Re: bash vulnerability jessie
From: The Wanderer <wanderer@fastmail.fm>
Date: Fri, 26 Sep 2014 15:06:57 -0400
Message-id: <[🔎] 5425B951.3070101@fastmail.fm>
In-reply-to: <[🔎] 87ioka2ots.fsf@reader.local.lan>
References: <[🔎] 87sije2x62.fsf@reader.local.lan> <[🔎] 54259088.6010805@fastmail.fm> <[🔎] 87ioka2ots.fsf@reader.local.lan>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 09/26/2014 at 02:56 PM, Harry Putnam wrote:

> The Wanderer <wanderer@fastmail.fm> writes:
> 
>> On 09/26/2014 at 11:56 AM, Harry Putnam wrote:

>>> I did ssh to my user from the same shell I ran aptitude in to 
>>> make sure I had a new login... but I still see `Vulnerable' in 
>>> answer to the string above.
>> 
>> With what version of bash?
> 
>> I just upgraded to 4.3-9.1, from current testing, which includes 
>> the existing partial fix (a more complete one is apparently now
>> in sid). I retested with the same test command you listed, as
>> well as with what I'd seen the failyure on before, and it now
>> shows as non-vulnerable.
> 
> [...]
> 
> I appear to have left out the fact that I'm talking about
> `jessie'. Sorry, a foolish slip... I usually do include that info.
> 
> I may be a simpleton but I assumed anyone freshly `full-upgraded' 
> with jessie  would have the same version.
> 
> Apparently not... here, after a full-upgrade of jessie about 2 hrs 
> ago at a litte before noon or so Eastern standard (US) time I see:
> 
> bash --version GNU bash, version 4.3.24(1)-release
> (i586-pc-linux-gnu)

I have (trimmed for brevity):

========
$ apt-cache policy bash
bash:
  Installed: 4.3-9.1

$ bash --version
GNU bash, version 4.3.25(1)-release (x86_64-pc-linux-gnu)
========

This is as of just over 3 hours ago as I type this.

- -- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man.         -- George Bernard Shaw
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUJblRAAoJEASpNY00KDJr0IAP/0/r/cbmi9VbKZjIb1FELohk
yYqlGdKI01BFWLdlIl/+pfShgCxTt20rFpmptwdWhXCg4YZhyWDCCX7yVGgdWdSS
lQAYPu7xpq2v6w/rTptaH235OCs/YrYr4ESjRoWT3w+YkcK/Z4h50Yaf9uFWW0LW
2Hb0uIUNdPXxmcIpucQAr5/wrTsgSeU0T52NyomOALxzGzcwFFLcsZRdATRLFnjC
2SHaCj3Gab2kvfvWpNHKiHID8PSamxEC2QtQs/BS15Rpcbj4Q6xHN0nKDUDEnEWW
j/PX3Ri2FmQgaHf6tf0OtdLT4kk0keot1uJTB/ACzZSrSIC0n+27NoJvaKxC9yT4
kB1nrpBXlmbf5WLrgNJMfkuOXsN4TsVZY0N8MNYdvTiaSGgAkKv27yNFcJrRqFKi
4kdS1btJrBhITiZzt6oPpca8Lfx6bG3B1wvJiFD+SbMAGj/jx2yRbxztDqALqLGM
KGn8ovH+5yceBNhEU+0Q8K/rWbafTqGBCn1iGhfwuK83buAf7rB0yPI9RvH9yjJy
sptMuqHnjO8x0u2Uc+7zM8ULbSdvgFUA9j+72rc6YBjsWLUNpKQREEHduaSHukh8
Qimilcy6hXVlKy0OFjaZg/AARsNGmJJu6uLjFLqt33Ed40+5jAKptuMxig5qeXiS
zTxjxeYNrVOv/OjXqwrZ
=3ile
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: bash vulnerability jessie
  - From: Harry Putnam <reader@newsguy.com>

References:
- bash vulnerability jessie
  - From: Harry Putnam <reader@newsguy.com>
- Re: bash vulnerability jessie
  - From: The Wanderer <wanderer@fastmail.fm>
- Re: bash vulnerability jessie
  - From: Harry Putnam <reader@newsguy.com>

Prev by Date: Re: Let's have a vote!
Next by Date: Re: Challenge to you: Voice your concerns regarding systemd upstream
Previous by thread: Re: bash vulnerability jessie
Next by thread: Re: bash vulnerability jessie
Index(es):
- Date
- Thread