Re: pkg_admin audit: false alarm for bash-4.4.012 (CVE-2016-9401)?

To: Matthias Ferdinand <mf+ml.pkgsrc-users%netzwerkagentursaarland.de@localhost>, pkgsrc-users%netbsd.org@localhost
Subject: Re: pkg_admin audit: false alarm for bash-4.4.012 (CVE-2016-9401)?
From: Sevan Janiyan <venture37%geeklan.co.uk@localhost>
Date: Wed, 1 Feb 2017 17:28:48 +0000

Hi Matthias,

On 01/02/2017 15:41, Matthias Ferdinand wrote:
> Could you (somebody? :-) please update the vulnerabilities file?

Thanks for the heads up.
The patch for this issue appears to be
https://ftp.gnu.org/pub/gnu/bash/bash-4.4-patches/bash44-006
According to https://security-tracker.debian.org/tracker/CVE-2016-9401
Thing is that while shells/bash 4.x version in the tree currently is not
vulnerable. shells/bash2 is still vulnerable which makes the listing
valid until the patch is applied there (unfortunately I'm not in a
position to patch the package at the moment so it may have to wait
another day, unless someone beats me to it).



Sevan

Follow-Ups:
- pkg_admin audit: false alarm for clamav-0.99.2 (CVE-2016-1405)?
  - From: Matthias Ferdinand

References:
- pkg_admin audit: false alarm for bash-4.4.012 (CVE-2016-9401)?
  - From: Matthias Ferdinand

Prev by Date: pkg_admin audit: false alarm for bash-4.4.012 (CVE-2016-9401)?
Next by Date: Re: Bootstrapping pkgsrc on Android, was: Can anybody come with a creative solution to the "/bin/sh: bad interpreter" problem?
Previous by Thread: pkg_admin audit: false alarm for bash-4.4.012 (CVE-2016-9401)?
Next by Thread: pkg_admin audit: false alarm for clamav-0.99.2 (CVE-2016-1405)?
Indexes:

Home | Main Index | Thread Index | Old Index