[MacPorts] #45162: bash @4.3.25: Vulnerable to code execution in environment variables (CVE-2014-7169)
MacPorts
noreply at macports.org
Fri Sep 26 16:21:25 PDT 2014
#45162: bash @4.3.25: Vulnerable to code execution in environment variables
(CVE-2014-7169)
------------------------+----------------------
Reporter: kost.hc@…     | Owner: raimue@…
Type: defect            | Status: assigned
Priority: High          | Milestone:
Component: ports        | Version: 2.3.1
Resolution:             | Keywords:
Port: bash              |
------------------------+----------------------
Comment (by cal@…):

The official fix in patchlevel 26 is the same as in Debian's
`CVE-2014-7169.diff`. I've attached a patch that updates the port and also
ports Debian's patches. I'll leave it up to you to decide whether you also
want Debian's patches or just upstream's fix.

I've verified that function exports work after this patch. When they get
exported into environment variables, they are prefixed with `BASH_FUNC_`
and suffixed with `()`.
--
Ticket URL: <https://trac.macports.org/ticket/45162#comment:8>
MacPorts <http://www.macports.org/>
Ports system for OS X
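
The naming described in the comment above can be checked against an installed bash. The following is an added example, not part of the ticket or of the MacPorts port: a POSIX shell script that classifies how exported functions appear in the environment. The names gr_probe, classify_export and probe_bash are hypothetical, and the `%%` suffix it also recognises comes from later bash releases, not from this page.

```sh
#!/bin/sh
# Added example: classify how a bash binary encodes exported functions
# in the environment. Function and variable names are hypothetical.

# classify_export NAME: reads an `env` dump on stdin, prints the encoding.
classify_export() {
    name=$1
    kind=unrecognized
    while IFS= read -r line; do
        # First match wins; keep reading so the writer never sees a closed pipe.
        [ "$kind" = unrecognized ] || continue
        case $line in
            # Encoding the ticket comment reports for patchlevel 26.
            "BASH_FUNC_${name}()="*) kind=prefixed-parens ;;
            # Suffix used by later bash releases (not stated on the page).
            "BASH_FUNC_${name}%%="*) kind=prefixed-percent ;;
            # Pre-fix encoding: the function sits in a variable of the same name.
            "${name}=() {"*)         kind=legacy-plain ;;
        esac
    done
    echo "$kind"
}

# probe_bash [BINARY]: export a no-op function from BINARY and classify it.
probe_bash() {
    bin=${1:-bash}
    command -v "$bin" >/dev/null 2>&1 || { echo "no-bash"; return 0; }
    "$bin" -c 'gr_probe() { :; }; export -f gr_probe; env' 2>/dev/null |
        classify_export gr_probe
}

# Constructed sample of an environment dump in the patchlevel 26 form.
SAMPLE_PATCH26='HOME=/Users/demo
BASH_FUNC_gr_probe()=() {  :
}'

printf 'sample:     %s\n' "$(printf '%s\n' "$SAMPLE_PATCH26" | classify_export gr_probe)"
printf 'local bash: %s\n' "$(probe_bash)"
```

A result of legacy-plain from probe_bash means the binary still stores exported functions in ordinary variable names, so the port update has not taken effect for that binary.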