From owner-freebsd-ports@FreeBSD.ORG Thu Sep 25 16:13:10 2014 Return-Path: Delivered-To: ports@freebsd.org Received: from hammer.pct.niksun.com (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by hub.freebsd.org (Postfix) with ESMTP id 2FE10353; Thu, 25 Sep 2014 16:13:05 +0000 (UTC) Message-ID: <54243F0F.6070904@FreeBSD.org> Date: Thu, 25 Sep 2014 12:13:03 -0400 From: Jung-uk Kim User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.1.0 MIME-Version: 1.0 To: Koichiro IWAO , "Riyaz T.K" Subject: Re: bash velnerability References: <00000148ab969845-5940abcc-bb88-4111-8f7f-8671b0d0300b-000000@us-west-2.amazonses.com> In-Reply-To: <00000148ab969845-5940abcc-bb88-4111-8f7f-8671b0d0300b-000000@us-west-2.amazonses.com> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit Cc: ports@freebsd.org, Bryan Drewery X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Sep 2014 16:13:10 -0000 On 2014-09-25 02:54:06 -0400, Koichiro Iwao wrote: > Please let me make corrections. The "shellshock" bash > vulnerabilities are described by 2 CVEs. - CVE-2014-6271 - > CVE-2014-7169 > > The first CVE is already fixed in latest freebsd ports tree > (r369185), so far the second CVE is not fixed yet. CVE-2014-7169 is fixed now (r369261). http://svnweb.freebsd.org/changeset/ports/369261 Note the commit log says CVE-2014-3659 but it was actually reassigned as CVE-2014-7169. Jung-uk Kim > On Thu, Sep 25, 2014 at 11:58:30AM +0530, Riyaz T.K wrote: >> Hi, >> >> https://www.freebsd.org/cgi/ports.cgi?query=The+GNU+Project%27s+Bourne+Again+SHell&stype=text&sektion=all >> >> >> >> Is this version patched from the bash vulnerability? >> >> https://access.redhat.com/articles/1200223