[MacPorts] #45162: bash @4.3.25: Vulnerable to code execution in environment variables (CVE-2014-7169)
MacPorts
noreply at macports.org
Sat Sep 27 04:36:50 PDT 2014
#45162: bash @4.3.25: Vulnerable to code execution in environment variables
(CVE-2014-7169)
------------------------+----------------------
Reporter: kost.hc@… | Owner: raimue@…
Type: defect | Status: assigned
Priority: High | Milestone:
Component: ports | Version: 2.3.1
Resolution: | Keywords:
Port: bash |
------------------------+----------------------
Comment (by raimue@…):
I committed an update to bash @4.3.26 in r125830.
I think at this point it also makes sense to also take the other patches
from Debian, especially for the new issues CVE-2014-7186 and
CVE-2014-7187.
Clemens (cal@), what is the source of the patches you posted? I would like
to add a proper "Upstream: <URL>" or "Origin: <URL>" attribution in the
patch files so we can reconstruct where they came from originally.
--
Ticket URL: <https://trac.macports.org/ticket/45162#comment:13>
MacPorts <http://www.macports.org/>
Ports system for OS X
More information about the macports-tickets
mailing list