oss-sec mailing list archives
Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME
From: Chet Ramey <chet.ramey () case edu>
Date: Fri, 7 Oct 2016 10:45:16 -0400
On 9/27/16 4:55 PM, Leo Famulari wrote:
On Fri, Sep 16, 2016 at 03:56:01PM -0400, Chet Ramey wrote:I believe the fix in parse.y is this (Chet, please correct me if I'm wrong):Yes, that is the current fix for this. There are other ways to do it.Here's a patch to bash-4.3 that will fix this.Hi Chet, Thanks for the patch! Do you plan to add it to the bash-4.3-patches series [0]?
This went out as bash-4.3 patch 47. -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, UTech, CWRU chet () case edu http://cnswww.cns.cwru.edu/~chet/
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Oct 07)
- RE: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Sona Sarmadi (Oct 10)
- Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Salvatore Bonaccorso (Oct 10)
- Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Agostino Sarubbo (Oct 10)
- RE: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Sona Sarmadi (Oct 10)