[MacPorts] #45150: bash 4.3.24_0 critical security update
MacPorts
noreply at macports.org
Wed Sep 24 12:05:18 PDT 2014
#45150: bash 4.3.24_0 critical security update
-------------------------+----------------------
Reporter: hahn.seb@… | Owner: raimue@…
Type: defect | Status: closed
Priority: Normal | Milestone:
Component: ports | Version:
Resolution: fixed | Keywords: haspatch
Port: bash |
-------------------------+----------------------
Comment (by johndouthat@…):
After installing 4.3.25 from MacPorts, bash still seems to be vulnerable
{{{
~ $ echo $BASH_VERSION
4.3.25(1)-release
~ $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
}}}
I expected to see something like this: (from a patched Ubuntu 12.04
machine)
{{{
~$ echo $BASH_VERSION
4.2.25(1)-release
~$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
}}}
--
Ticket URL: <https://trac.macports.org/ticket/45150#comment:3>
MacPorts <http://www.macports.org/>
Ports system for OS X
More information about the macports-tickets
mailing list