[Secure-testing-commits] r29171 - data/CVE
Florian Weimer
fw at moszumanska.debian.org
Tue Sep 30 17:42:06 UTC 2014
Author: fw
Date: 2014-09-30 17:42:06 +0000 (Tue, 30 Sep 2014)
New Revision: 29171
Modified:
data/CVE/list
Log:
CVE-2014-6277 CVE-2014-6278 bash
The prefix/suffix patch is considered sufficient fix for that.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-09-30 13:40:31 UTC (rev 29170)
+++ data/CVE/list 2014-09-30 17:42:06 UTC (rev 29171)
@@ -2003,7 +2003,9 @@
RESERVED
CVE-2014-6278 [code execution via specially crafted environment variables]
RESERVED
- - bash <unfixed>
+ - bash 4.3-9.2 (high)
+ [wheezy] - bash 4.2+dfsg-0.1+deb7u3 (high)
+ [squeeze] - bash 4.1-3+deb6u2 (high)
NOTE: The underlying parser flaw has not yet been disclosed and might
NOTE: still exist in latest released bash packages. However Florian
NOTE: Weimer's variables-affix.patch patch applied in Debian prevents
@@ -2012,7 +2014,9 @@
NOTE: from its environment.
CVE-2014-6277 [untrusted pointer use issue leading to code execution]
RESERVED
- - bash <unfixed>
+ - bash 4.3-9.2
+ [wheezy] - bash 4.2+dfsg-0.1+deb7u3
+ [squeeze] - bash 4.1-3+deb6u2
NOTE: The underlying parser flaw has not yet been disclosed and might
NOTE: still exist in latest released bash packages. However Florian
NOTE: Weimer's variables-affix.patch patch applied in Debian prevents
More information about the Secure-testing-commits
mailing list