oss-sec mailing list archives

Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME

From: Leo Famulari <leo () famulari name>
Date: Tue, 27 Sep 2016 16:55:12 -0400

On Fri, Sep 16, 2016 at 03:56:01PM -0400, Chet Ramey wrote:

I believe the fix in parse.y is this (Chet, please correct me if I'm wrong):


Yes, that is the current fix for this.  There are other ways to do it.


Here's a patch to bash-4.3 that will fix this.


Hi Chet,

Thanks for the patch! Do you plan to add it to the bash-4.3-patches
series [0]?

[0]
https://ftp.gnu.org/gnu/bash/bash-4.3-patches/

Attachment: signature.asc
Description:

Current thread:

CVE-2016-0634 -- bash prompt expanding $HOSTNAME John Haxby (Sep 16)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Jan Schaumann (Sep 16)
  - Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 16)
    - Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME John Haxby (Sep 18)
    - Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Seth Arnold (Sep 19)
    - Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME John Haxby (Sep 20)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 16)
  - Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 16)
    - Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Leo Famulari (Sep 27)
    - Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 29)