oss-sec mailing list archives
Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME
From: Leo Famulari <leo () famulari name>
Date: Tue, 27 Sep 2016 16:55:12 -0400
On Fri, Sep 16, 2016 at 03:56:01PM -0400, Chet Ramey wrote:
I believe the fix in parse.y is this (Chet, please correct me if I'm wrong):Yes, that is the current fix for this. There are other ways to do it.Here's a patch to bash-4.3 that will fix this.
Hi Chet, Thanks for the patch! Do you plan to add it to the bash-4.3-patches series [0]? [0] https://ftp.gnu.org/gnu/bash/bash-4.3-patches/
Attachment:
signature.asc
Description:
Current thread:
- CVE-2016-0634 -- bash prompt expanding $HOSTNAME John Haxby (Sep 16)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Jan Schaumann (Sep 16)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 16)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME John Haxby (Sep 18)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Seth Arnold (Sep 19)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME John Haxby (Sep 20)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 16)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Jan Schaumann (Sep 16)
- Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 16)
- Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Leo Famulari (Sep 27)
- Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Sep 29)