Hi Denny, On Thu, September 25, 2014 19:35, Denny Bortfeldt wrote: > Is it possible to fix also the 2nd part so that bash is really not > vulnerable at all? I saw that Gentoo patched the bash also twice.
It's indeed known that the bash fixes are incomplete. I would like to stress that the current fixes in bash already address a significant part of the attack possibilities so I'd strongly advise everyone to proceed with upgrading your systems now even if a further update may be forthcoming. Of interest may be the current patches that Huzaifa Sidhpurwala just posted to oss-security which sum up the current state of affairs of dealing with the shortcomings of the first patch. http://marc.info/?l=oss-security&m=141166689117442&w=2 Cheers, Thijs -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/22bbfe64c256809d44efc21311b46e29.squir...@aphrodite.kinkhorst.nl
