oss-sec mailing list archives
Re: Fwd: Non-upstream patches for bash
From: Solar Designer <solar () openwall com>
Date: Thu, 25 Sep 2014 21:56:24 +0400
On Thu, Sep 25, 2014 at 11:19:24PM +0530, Huzaifa Sidhpurwala wrote:
Based on the current situation and the fact that there is confusion about what patch to use for the bash issue. I wanted to post this here.
Thanks!
From: Florian Weimer <fweimer () redhat com>
[...]
Internal analysis revealed two out-of-bounds array accesses in the bash parser. This was also independently and privately reported by Todd Sabin <tsabin () optonline net>.
Have these been reported upstream? What's the oldest version of bash affected by them? Your reproducers didn't trigger any obvious misbehavior here with 3.1.8 with lots of unrelated patches. Of course, this does not mean much, but maybe these issues are in fact 3.2+? Alexander
Current thread:
- Fwd: Non-upstream patches for bash Huzaifa Sidhpurwala (Sep 25)
- Re: Fwd: Non-upstream patches for bash Solar Designer (Sep 25)
- Re: Fwd: Non-upstream patches for bash Huzaifa Sidhpurwala (Sep 25)
- Re: Fwd: Non-upstream patches for bash Michal Zalewski (Sep 25)
- Re: Fwd: Non-upstream patches for bash Chet Ramey (Sep 25)
- Re: Fwd: Non-upstream patches for bash Solar Designer (Sep 26)
- Re: Fwd: Non-upstream patches for bash Solar Designer (Sep 26)
- Re: Fwd: Non-upstream patches for bash Michal Zalewski (Sep 26)
- Re: Fwd: Non-upstream patches for bash Roman Drahtmueller (Sep 27)
- Re: Fwd: Non-upstream patches for bash Solar Designer (Sep 27)
- Re: Fwd: Non-upstream patches for bash Roman Drahtmueller (Sep 27)
- Re: Fwd: Non-upstream patches for bash Steve Jones (Sep 27)
- Re: Fwd: Non-upstream patches for bash Huzaifa Sidhpurwala (Sep 25)
- Re: Fwd: Non-upstream patches for bash Solar Designer (Sep 25)