From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 8C2DA13838B for ; Thu, 25 Sep 2014 12:58:37 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 76753E0A82; Thu, 25 Sep 2014 12:58:31 +0000 (UTC) Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 3DFCAE0A40 for ; Thu, 25 Sep 2014 12:58:30 +0000 (UTC) Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by gateway2.nyi.internal (Postfix) with ESMTP id C600F20CB9 for ; Thu, 25 Sep 2014 08:58:29 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute3.internal (MEProxy); Thu, 25 Sep 2014 08:58:29 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=fastmail.co.uk; h= x-sasl-enc:message-id:date:from:mime-version:to:subject :references:in-reply-to:content-type:content-transfer-encoding; s=mesmtp; bh=Qkpk7fc8l/ZsCRzzgIyVrshRJtc=; b=dGij2tWLfLvZjlX9zh V8IYVX/C/L3EKIq/TKC2cjHi2mLXGCIWKgF7Wh3xAlFHRaDDdMgny9gRby7Sj0zN xsB3TXLR0rI0Oy+yh6hRV2W3GH17+k6JZ0zjaL972l0sL9MYsW3yAF8sA6Yt2MtZ StwgEgPuf8uGdNnnUhDkCgcGw= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=x-sasl-enc:message-id:date:from :mime-version:to:subject:references:in-reply-to:content-type :content-transfer-encoding; s=smtpout; bh=Qkpk7fc8l/ZsCRzzgIyVrs hRJtc=; b=lr8w7qqZGXbe7uvc/YCoW0PImB0nYUJkq8TUpZ8Zo0lNF6tP77WsUJ 4XxzHmFE07qZ8xbSWPIWjUXTA2O6SfCnoeLx9BXfkcUZjarugBj5lm0+6EwlD5eD N1u/kIoIMhip+E3bAsRMfpp0R+TyJjzhjH28P+vE+dTS/s/7s+Wtc= X-Sasl-enc: i/n39Hqz/om+pv0L7nogJfPP4+8vhd83Fv1ecGQp1MUV 1411649909 Received: from [192.168.1.130] (unknown [77.101.146.254]) by mail.messagingengine.com (Postfix) with ESMTPA id 76FA9C00916 for ; Thu, 25 Sep 2014 08:58:29 -0400 (EDT) Message-ID: <54241172.3080001@fastmail.co.uk> Date: Thu, 25 Sep 2014 13:58:26 +0100 From: Kerin Millar User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:24.0) Gecko/20140731 FossaMail/24.7.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] [Security] Update bash *NOW* References: <20140925015844.GA21952@waltdnes.org> <54241072.6090004@fastmail.co.uk> In-Reply-To: <54241072.6090004@fastmail.co.uk> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Archives-Salt: 5c0a725a-1dda-4514-9edc-c5b6ab656d3b X-Archives-Hash: b5e42f5aa2aded8ea5c6bf982160cf0e On 25/09/2014 13:54, Kerin Millar wrote: > On 25/09/2014 02:58, Walter Dnes wrote: > > [snip] > >> ...with malicious stuff, and it could get ugly. app-shells/bash-4.2_p48 >> has been pushed to Gentoo stable. The same "env" command results in... > > Unfortunately, that version did fully address the problem. Instead, > upgrade to 4.2_p48-r1 or any of the -r1 revision bumps that were > recently committed. For further details: > > https://bugs.gentoo.org/show_bug.cgi?id=523592 > Oops. Obviously, I meant to write "did not fully address the problem". --Kerin