Re: CVE-2016-0634 code execution in Bash prompt when expanding hostname

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE-2016-0634 code execution in Bash prompt when expanding hostname

From:	John Darrington
Subject:	Re: CVE-2016-0634 code execution in Bash prompt when expanding hostname
Date:	Wed, 21 Sep 2016 07:20:48 +0200
User-agent:	Mutt/1.5.23 (2014-03-12)

On Tue, Sep 20, 2016 at 04:55:30PM -0400, Leo Famulari wrote:
     Any advice on how we should handle CVE-2016-0634?
     
     http://seclists.org/oss-sec/2016/q3/534

Like the comment there says, it is only a problem if the machine has already 
been owned, so I don't
see what the issue is.  If there is an issue it is for the bash maintainers to 
patch.

J'

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.

signature.asc
Description: Digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

CVE-2016-0634 code execution in Bash prompt when expanding hostname, Leo Famulari, 2016/09/20
- Re: CVE-2016-0634 code execution in Bash prompt when expanding hostname, John Darrington <=
  - Re: CVE-2016-0634 code execution in Bash prompt when expanding hostname, Ludovic Courtès, 2016/09/21
    - Re: CVE-2016-0634 code execution in Bash prompt when expanding hostname, Leo Famulari, 2016/09/27
    - Bash 4.4 upgrade, Ludovic Courtès, 2016/09/30
    - Re: Bash 4.4 upgrade, Leo Famulari, 2016/09/30
    - Re: Bash 4.4 upgrade, Ludovic Courtès, 2016/09/30

Prev by Date: [PATCH] gnu: Add cmark.
Next by Date: [PATCH 0/1] webkitgtk 2.14.0 update
Previous by thread: CVE-2016-0634 code execution in Bash prompt when expanding hostname
Next by thread: Re: CVE-2016-0634 code execution in Bash prompt when expanding hostname
Index(es):
- Date
- Thread