This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [ANNOUNCEMENT] Updated: bash-4.1.12-5

On 2014-09-24 20:35, Eric Blake (cygwin) wrote:
> A new release of bash, 4.1.12-5, has been uploaded and will soon reach a
> mirror near you; leaving the previous version of 4.1.10-4 on 32-bit, and
> 4.1.11-2 on 64-bit.
> =====
> This is a minor rebuild which picks up an upstream patch to fix
> CVE-2014-6271.  Left unpatched, a vulnerable version of bash could allow
> arbitrary code execution via specially crafted environment variables,
> and was exploitable through a number of remote services, so it is highly
> recommended that you upgrade.
> I also hope to have a build of bash 4.3 available soon, but wanted to
> get the CVE fixed as soon as possible due to its severity.  And I just
> noticed while preparing this announcement that $BASH_VERSION reports
> itself as 4.1.11 instead of 4.1.12, so I may do a quick 4.1.12-6 just to
> make sure things are clean for people going by version number tests
> instead of feature probes.

Hi Eric!

I haven't checked out 4.1.12-5 yet, so I don't know if I need to remind
you of the wordexp situation in 4.1.10-4? I wanted to get this mail sent
as quickly as possible...


Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]