[yocto] [PATCH] bash: update to latest (025) patchset (fixes CVE-2014-6271)
Francesco Del Degan
f.deldegan at endian.com
Thu Sep 25 20:10:45 PDT 2014
Ross, I picked up all set of patches because i saw in dora
http://git.yoctoproject.org/cgit/cgit.cgi/poky/tree/meta/recipes-extended/bash/bash_4.2.bb?h=dora
it was made in that way, so i assumed that it was the way to go.
Furthermore, analyzing the entire patchset it fixes several hangs, loops
and other bugs, so it would be interesting to have more fixed bash as well.
Last reason, is that PATCHLEVEL macro is printed out as well, so it would
be easily recognizable to have
GNU bash, version 4.3.25(1)-release
in bash --version output and just see that is good revision.
On Fri, Sep 26, 2014 at 12:40 AM, Burton, Ross <ross.burton at intel.com>
wrote:
> Hu Francesco,
>
> On 25 September 2014 11:35, Francesco Del Degan <f.deldegan at endian.com>
> wrote:
> > Updated to reflect the latest patchset in bash 4.3.
> > Fixes the CVE-2014-6271.
>
> I'm hearing that this isn't a complete fix, so lets wait for more patches.
>
> Is it possible to cherry-pick just the security fixes, instead of
> every patch they've released?
>
> Finally, patches for oe-core should go to openembedded-core@, not yocto at .
>
> Ross
>
--
--
:: e n d i a n
:: security with passion
:: Francesco Del Degan
:: software engineer
:: http://www.endian.com :: f.deldegan (AT) endian.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20140926/7ef7f812/attachment.html>
More information about the yocto
mailing list