[Secure-testing-commits] r29141 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Sep 29 15:23:51 UTC 2014
Author: carnil
Date: 2014-09-29 15:23:51 +0000 (Mon, 29 Sep 2014)
New Revision: 29141
Modified:
data/CVE/list
Log:
Add same information for CVE-2014-6278
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-09-29 15:22:09 UTC (rev 29140)
+++ data/CVE/list 2014-09-29 15:23:51 UTC (rev 29141)
@@ -1981,8 +1981,15 @@
NOT-FOR-US: OsClass
CVE-2014-6279
RESERVED
-CVE-2014-6278
+CVE-2014-6278 [code execution via specially crafted environment variables]
RESERVED
+ - bash <unfixed>
+ NOTE: The underlying parser flaw has not yet been disclosed and might
+ NOTE: still exist in latest released bash packages. However Florian
+ NOTE: Weimer's variables-affix.patch patch applied in Debian prevents
+ NOTE: exploitation of this issue by making bash only use environment
+ NOTE: variables with specific names (BASH_FUNC_*()) to define functions
+ NOTE: from its environment.
CVE-2014-6277 [untrusted pointer use issue leading to code execution]
RESERVED
- bash <unfixed>
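Review bot: The NOTE block added under CVE-2014-6278 says that variables-affix.patch is applied in Debian and prevents exploitation, but it does not name the bash package version that carries the patch, and the entry remains "- bash <unfixed>". A reader of the tracker cannot tell from these lines which installed versions are mitigated. Consider adding to the NOTE the version that first ships the patch, and stating explicitly that the entry stays unfixed because the parser flaw itself is unpatched. The wording "variables-affix.patch patch applied" also repeats the word "patch".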