<div dir="ltr">Hi Upendra,<div><br></div><div>FYI, the new security fix is out. The last opencsw bash package, bash-4.3.25,REV=2014.09.26, contains that fix and is not vulnerable to <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169" target="_blank" style="font-size:12.7272720336914px;font-family:arial,sans-serif">CVE-2014-7169</a>. It should land soon in stable, testing and unstable repositories on all opencsw mirrors.</div><div><br></div><div>Yann</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2014-09-25 13:45 GMT+02:00 upen <span dir="ltr"><<a href="mailto:upendra.gandhi@gmail.com" target="_blank">upendra.gandhi@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Dan and Yann,<br>
<span class=""><br>
On Thu, Sep 25, 2014 at 2:15 AM, Yann Rouillard <<a href="mailto:yann@pleiades.fr.eu.org">yann@pleiades.fr.eu.org</a>> wrote:<br>
> Hi,<br>
><br>
> Yes, it is vulnerable.<br>
> But bash-4.3.25,REV=2014.09.25 mitigates this security issue, you will find<br>
> this package in my experimental repository<br>
> <a href="http://buildfarm.opencsw.org/opencsw/experimental/yann" target="_blank">http://buildfarm.opencsw.org/opencsw/experimental/yann</a> and it will soon land<br>
> in unstable and testing repositories.<br>
><br>
> However the story is not finished as the current fix doesn't yet solve all<br>
> the problems, another CVE has been issued to track the remaining ones:<br>
> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169" target="_blank">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169</a><br>
><br>
> Expect another update when the new security fix is out.<br>
><br>
> Yann<br>
><br>
<br>
</span>Thank you very much for that information. Meanwhile I had compiled my<br>
own bash binary using source package and the patch. But I wasn't<br>
really aware there is another issue not fixed yet. Glad I posted this<br>
question.<br>
<br>
Thanks again.<br>
<span class="HOEnZb"><font color="#888888">Upen<br>
</font></span></blockquote></div><br></div>