oss-sec mailing list archives

Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278)


From: Chet Ramey <chet.ramey () case edu>
Date: Thu, 02 Oct 2014 10:58:27 -0400

On 10/2/14, 3:22 AM, Solar Designer wrote:
Sona - Chet is not on oss-security, we should be CC'ing him on relevant
messages.  I've just added the CC on this one.

On Thu, Oct 02, 2014 at 06:48:54AM +0000, Sona Sarmadi wrote:
On 10/1/14, 5:04 PM, Shawn wrote:
http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-028

Nope, this one fixes 7168/7169.  It's the equivalent of the `parser-oob' patch.

My mistake, it's 7186/7187.  There are fixes for both in one patch.  The
fix for the off-by-one error is not obvious, but it's in there in the
third chunk.

Chet

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet () case edu    http://cnswww.cns.cwru.edu/~chet/

