Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 25 Sep 2014 12:13:03 -0400
From:      Jung-uk Kim <jkim@FreeBSD.org>
To:        Koichiro IWAO <meta@vmeta.jp>, "Riyaz T.K" <riyaz@admod.com>
Cc:        ports@freebsd.org, Bryan Drewery <bdrewery@FreeBSD.org>
Subject:   Re: bash velnerability
Message-ID:  <54243F0F.6070904@FreeBSD.org>
In-Reply-To: <00000148ab969845-5940abcc-bb88-4111-8f7f-8671b0d0300b-000000@us-west-2.amazonses.com>
References:  <CAHFU5H5WOnAXuFmfQEGkTvwoECATTCC3eKYE3yts%2BBqh1M_8ww@mail.gmail.com> <00000148ab969845-5940abcc-bb88-4111-8f7f-8671b0d0300b-000000@us-west-2.amazonses.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On 2014-09-25 02:54:06 -0400, Koichiro Iwao wrote:
> Please let me make corrections.  The "shellshock" bash 
> vulnerabilities are described by 2 CVEs. - CVE-2014-6271 - 
> CVE-2014-7169
> 
> The first CVE is already fixed in latest freebsd ports tree 
> (r369185), so far the second CVE is not fixed yet.

CVE-2014-7169 is fixed now (r369261).

http://svnweb.freebsd.org/changeset/ports/369261

Note the commit log says CVE-2014-3659 but it was actually reassigned
as CVE-2014-7169.

Jung-uk Kim

> On Thu, Sep 25, 2014 at 11:58:30AM +0530, Riyaz T.K wrote:
>> Hi,
>> 
>> https://www.freebsd.org/cgi/ports.cgi?query=The+GNU+Project%27s+Bourne+Again+SHell&stype=text&sektion=all
>>
>>
>>
>> 
Is this version patched from the bash vulnerability?
>> 
>> https://access.redhat.com/articles/1200223



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54243F0F.6070904>