Summary: | <app-shells/bash-4.3_p46-r1: Arbitrary code execution via malicious hostname | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | base-system, bertrand |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1377613 | ||
Whiteboard: | A2 [glsa cve cleanup] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2016-09-20 10:55:37 UTC
IMHO bash-4.4 is way too new to start stabilization process anytime soon. bash-4.4/readline-7.0 are even masked for testing right now. commit 7722e02ff41d7e30b1e2226d0cabd4458cd6567c Author: Lars Wendler <polynomial-c@gentoo.org> Date: Tue Sep 20 16:59:44 2016 app-shells/bash: Revbump to fix CVE-2016-0634 (bug #594496). Package-Manager: portage-2.3.1 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> This should be fixed with =app-shells/bash-4.3_p46-r1 I gonna call stabilization tomorrow. Arches please test and mark stable =app-shells/bash-4.3_p46-r1 with target KEYWORDS: alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd Stable on alpha. amd64 stable Stable for HPPA PPC64. New GLSA Request filed. x86 stable sparc stable ppc stable arm stable ia64 stable Removing unstable arches. @maintainer(s), please cleanup. @ Maintainer(s): Please tell us how you want to proceed with previous versions. At least our CI project found no issues when I tried to remove previous versions, see https://github.com/gentoo/gentoo/pull/3100 This issue was resolved and addressed in GLSA 201612-39 at https://security.gentoo.org/glsa/201612-39 by GLSA coordinator Aaron Bauman (b-man). Reopened for cleanup... Cleanup request moved to bug 600174. |