oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash)

From: Eric Blake <eblake () redhat com>
Date: Fri, 03 Oct 2014 16:10:40 -0600
On 10/03/2014 01:28 PM, David A. Wheeler wrote:

FYI, I've created a timeline of major Shellshock events here:

  http://www.dwheeler.com/essays/shellshock.html#timeline

If anyone has corrections or key additions, let me know.


In the timeline, it might be worth linking to all of the bash patches:

Patch 25 (CVE-2014-6271) 24 Sep 2014 10:27:10 -0400
https://lists.gnu.org/archive/html/bug-bash/2014-09/msg00081.html

Patch 26 (CVE-2014-7169) 26 Sep 2014 17:17:09 -0400
https://lists.gnu.org/archive/html/bug-bash/2014-09/msg00224.html

Patch 27 (no CVE, but the most important) [already in the timeline] 27
Sep 2014 22:50:07 -0400
https://lists.gnu.org/archive/html/bug-bash/2014-09/msg00278.html

Patch 28 (CVE-2014-7186, CVE-2014-7187) 1 Oct 2014 10:47:47 -0400
https://lists.gnu.org/archive/html/bug-bash/2014-10/msg00000.html

Patch 29 (CVE-2014-6277) 2 Oct 2014 22:42:53 -0400
https://lists.gnu.org/archive/html/bug-bash/2014-10/msg00020.html

Patch 30 (CVE-2014-6278) TBD

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

Previous By Date Next
Previous By Thread Next

Current thread: