[yocto] [OE-core] [PATCH] bash: update to latest (025) patchset (fixes CVE-2014-6271)
Francesco Del Degan
f.deldegan at endian.com
Thu Sep 25 20:00:21 PDT 2014
Yes, patch 026 that fixes CVE-2014-7169 is underway, should be pushed out
today:
http://www.openwall.com/lists/oss-security/2014/09/26/1
bash-4.2 (as in dora) got patch048 for CVE-2014-6179 and should receive
patch049 as well.
I'm going to send bash 3.2 and 4.2 patches in oe core ml.
On Fri, Sep 26, 2014 at 1:15 AM, Burton, Ross <ross.burton at intel.com> wrote:
> On 25 September 2014 23:48, Mark Hatle <mark.hatle at windriver.com> wrote:
> > So I would recommend that someone get the 025 patch (don't forget to
> patch
> > bash 3.2 as well) in.. and we should wait until their is an official one
> for
> > 7169.
>
> Agreed, and patches sent.
>
> Ross
> --
> _______________________________________________
> yocto mailing list
> yocto at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
>
--
--
:: e n d i a n
:: security with passion
:: Francesco Del Degan
:: software engineer
:: http://www.endian.com :: f.deldegan (AT) endian.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20140926/6604da3e/attachment.html>
More information about the yocto
mailing list