Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALx_OUATMhBsedMAMLMWrn_OVmvxPD8TXTtnvykb7xAgb_H3vQ@mail.gmail.com>
Date: Tue, 30 Sep 2014 16:34:34 -0700
From: Michal Zalewski <lcamtuf@...edump.cx>
To: oss-security <oss-security@...ts.openwall.com>
Subject: Re: Healing the bash fork

> Either of these approaches completely solves the shellshock problem as currently revealed publicly.  (Some of the CVE information is still not public, so it's *possible* there is another big reveal, but I have no indication of one.)

Everything should be covered by Florian's patch. More here:

http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html

I'll post the technical details & PoCs tomorrow(ish).

/mz

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.