Gentoo's Bugzilla – Attachment 385486 Details for Bug 523592
<app-shells/bash-{3.1_p18-r1,3.2_p52-r1,4.0_p39-r1,4.1_p12-r1,4.2_p48-r1}: Environment handling command injection (CVE-2014-{6271,7169})
[patch] Proposed bash42-049
bash42-049 (text/plain), 1.58 KB, created by mike@marineau.org on 2014-09-26 02:05:27 UTC
> BASH PATCH REPORT > ================= > >Bash-Release: 4.2 >Patch-ID: bash42-049 > >Bug-Reported-by: Tavis Ormandy <taviso@cmpxchg8b.com> >Bug-Reference-ID: >Bug-Reference-URL: http://twitter.com/taviso/statuses/514887394294652929 > >Bug-Description: > >Under certain circumstances, bash can incorrectly save a lookahead character and >return it on a subsequent call, even when reading a new line. > >Patch (apply with `patch -p0'): > >*** ../bash-4.2.48/parse.y 2012-12-31 11:52:57.000000000 -0500 >--- parse.y 2014-09-25 16:12:19.000000000 -0400 >*************** >*** 2851,2854 **** >--- 2851,2856 ---- > word_desc_to_read = (WORD_DESC *)NULL; > >+ eol_ungetc_lookahead = 0; >+ > current_token = '\n'; /* XXX */ > last_read_token = '\n'; >*** ../bash-4.2.48/y.tab.c 2012-12-31 11:53:10.000000000 -0500 >--- y.tab.c 2014-09-25 20:23:25.000000000 -0400 >*************** >*** 5163,5166 **** >--- 5163,5168 ---- > word_desc_to_read = (WORD_DESC *)NULL; > >+ eol_ungetc_lookahead = 0; >+ > current_token = '\n'; /* XXX */ > last_read_token = '\n'; >*************** >*** 8377,8379 **** > } > #endif /* HANDLE_MULTIBYTE */ >- >--- 8379,8380 ---- >*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010 >--- patchlevel.h Thu Feb 24 21:41:34 2011 >*************** >*** 26,30 **** > looks for to find the patch level (for the sccs version string). */ > >! #define PATCHLEVEL 48 > > #endif /* _PATCHLEVEL_H_ */ >--- 26,30 ---- > looks for to find the patch level (for the sccs version string). */ > >! #define PATCHLEVEL 49 > > #endif /* _PATCHLEVEL_H_ */
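Review bot: In the parse.y hunk at 2851, the added `eol_ungetc_lookahead = 0;` carries no comment saying why the saved lookahead has to be cleared at this point, and the report header leaves Bug-Reference-ID empty with only a Twitter URL as the reference. Suggest a one-line comment above the assignment tying it to the stale-lookahead behaviour in the Bug-Description, and filling in the reference with the CVE identifier this bug tracks, so the reset is not dropped as dead code in a later cleanup. The description says "under certain circumstances" without an input that triggers it; a regression test shipped with the patch would let packagers confirm that each patched version actually stops returning the stale character.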
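Review bot: The y.tab.c hunk at 8377 only deletes a trailing blank line after `#endif /* HANDLE_MULTIBYTE */`, which is unrelated to the fix and will fail to apply on any tree whose y.tab.c ends differently. Suggest dropping that hunk. The hunk at 5163 repeats the parse.y change by hand in the yacc output; that is fine for builds that ship the pregenerated file, but the two copies need to stay identical, so it is worth stating in the report that y.tab.c must be regenerated or patched together with parse.y.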
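Review bot: The patchlevel.h hunk uses `#define PATCHLEVEL 48` as its changed line, so the patch applies only on top of patch level 48, and that prerequisite is not stated anywhere in the report header. Suggest naming it there. The file header for this hunk also uses `../bash-4.2-patched/` with 2010 and 2011 timestamps while the other files use `../bash-4.2.48/` with 2014 dates; since this attachment is marked "Proposed", packagers should check the level bump against whatever upstream finally publishes as bash42-049 before relying on the reported patch level to tell fixed from unfixed builds.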