Hi Adam, On Mon, Oct 31, 2016 at 09:17:35PM +0000, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Tue, 2016-10-11 at 07:02 +0200, Salvatore Bonaccorso wrote: > > bash in Stable is affected by > > > > CVE-2016-0634: Arbitrary code execution via malicious hostname > > > > and > > > > CVE-2016-7543: Specially crafted SHELLOPTS+PS4 variables allows > > command substitution > > > > which both are considered no-dsa (actually the first one unimportant, > > thus it's not tagged no-dsa in the security tracker). I have prepared > > an update for bash picking the two upstream patches for th 4.3 branch. > > Please go ahead.
Thanks a lot, uploaded. Regards, Salvatore
