oss-sec mailing list archives
Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME
From: Chet Ramey <chet.ramey () case edu>
Date: Thu, 29 Sep 2016 15:58:28 -0400
On 9/27/16 4:55 PM, Leo Famulari wrote:
On Fri, Sep 16, 2016 at 03:56:01PM -0400, Chet Ramey wrote:I believe the fix in parse.y is this (Chet, please correct me if I'm wrong):Yes, that is the current fix for this. There are other ways to do it.Here's a patch to bash-4.3 that will fix this.Hi Chet, Thanks for the patch! Do you plan to add it to the bash-4.3-patches series [0]?
Yes, I plan to.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU chet () case edu http://cnswww.cns.cwru.edu/~chet/
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- CVE-2016-0634 -- bash prompt expanding $HOSTNAME John Haxby (Sep 16)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Jan Schaumann (Sep 16)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 16)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME John Haxby (Sep 18)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Seth Arnold (Sep 19)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME John Haxby (Sep 20)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 16)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Jan Schaumann (Sep 16)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 16)
- Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Leo Famulari (Sep 27)
- Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 29)