Message-ID: <20140925175623.GA2921@openwall.com>
Date: Thu, 25 Sep 2014 21:56:24 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: Fwd: Non-upstream patches for bash

On Thu, Sep 25, 2014 at 11:19:24PM +0530, Huzaifa Sidhpurwala wrote:
> Based on the current situation and the fact that there is confusion
> about what patch to use for the bash issue, I wanted to post this here.

Thanks!

> From: Florian Weimer <fweimer@...hat.com>
[...]
> Internal analysis revealed two out-of-bounds array accesses in the bash
> parser.  This was also independently and privately reported by Todd
> Sabin <tsabin@...online.net>.

Have these been reported upstream?

What's the oldest version of bash affected by them?

Your reproducers didn't trigger any obvious misbehavior here with 3.1.8
with lots of unrelated patches.  Of course, this does not mean much, but
maybe these issues are in fact 3.2+?

Alexander
