pkgsrc-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: pkg_admin audit: false alarm for bash-4.4.012 (CVE-2016-9401)?
Hi Matthias,
On 01/02/2017 15:41, Matthias Ferdinand wrote:
> Could you (somebody? :-) please update the vulnerabilities file?
Thanks for the heads up.
The patch for this issue appears to be
https://ftp.gnu.org/pub/gnu/bash/bash-4.4-patches/bash44-006
According to https://security-tracker.debian.org/tracker/CVE-2016-9401
Thing is that while shells/bash 4.x version in the tree currently is not
vulnerable. shells/bash2 is still vulnerable which makes the listing
valid until the patch is applied there (unfortunately I'm not in a
position to patch the package at the moment so it may have to wait
another day, unless someone beats me to it).
Sevan
Home |
Main Index |
Thread Index |
Old Index