[Secure-testing-commits] r29290 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Oct 6 11:34:19 UTC 2014


Author: carnil
Date: 2014-10-06 11:34:19 +0000 (Mon, 06 Oct 2014)
New Revision: 29290

Modified:
   data/CVE/list
Log:
Adjust note for bash issues as issues are disclosed now

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-10-06 10:14:28 UTC (rev 29289)
+++ data/CVE/list	2014-10-06 11:34:19 UTC (rev 29290)
@@ -3375,22 +3375,18 @@
 	- bash 4.3-9.2 (high)
 	[wheezy] - bash 4.2+dfsg-0.1+deb7u3 (high)
 	[squeeze] - bash 4.1-3+deb6u2 (high)
-	NOTE: The underlying parser flaw has not yet been disclosed and might
-	NOTE: still exist in latest released bash packages. However Florian
-	NOTE: Weimer's variables-affix.patch patch applied in Debian prevents
-	NOTE: exploitation of this issue by making bash only use environment
-	NOTE: variables with specific names (BASH_FUNC_*()) to define functions
-	NOTE: from its environment.
+	NOTE: Florian Weimer's variables-affix.patch patch applied in Debian prevents
+	NOTE: exploitation of this issue by making bash only use environment variables
+	NOTE: with specific names (BASH_FUNC_*()) to define functions from its
+	NOTE: environment.
 CVE-2014-6277 (GNU Bash through 4.3 bash43-026 does not properly parse function ...)
 	- bash 4.3-9.2
 	[wheezy] - bash 4.2+dfsg-0.1+deb7u3
 	[squeeze] - bash 4.1-3+deb6u2
-	NOTE: The underlying parser flaw has not yet been disclosed and might
-	NOTE: still exist in latest released bash packages. However Florian
-	NOTE: Weimer's variables-affix.patch patch applied in Debian prevents
-	NOTE: exploitation of this issue by making bash only use environment
-	NOTE: variables with specific names (BASH_FUNC_*()) to define functions
-	NOTE: from its environment.
+	NOTE: Florian Weimer's variables-affix.patch patch applied in Debian prevents
+	NOTE: exploitation of this issue by making bash only use environment variables
+	NOTE: with specific names (BASH_FUNC_*()) to define functions from its
+	NOTE: environment.
 CVE-2014-6276
 	RESERVED
 CVE-2014-6275
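Review bot: In both rewritten NOTE blocks (the entry that ends just above CVE-2014-6277 and the CVE-2014-6277 entry itself), the removed caveat that the parser flaw "might still exist in latest released bash packages" has no replacement saying whether the listed versions (4.3-9.2, 4.2+dfsg-0.1+deb7u3, 4.1-3+deb6u2) fix the parser flaw or only mitigate it through variables-affix.patch. The remaining text still reads as mitigation only ("prevents exploitation of this issue"). Since the log says the issues are now disclosed, consider adding a NOTE line that points at the disclosure and states the fix status of the parser itself. Minor: "variables-affix.patch patch" repeats the word "patch" in both blocks.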



