On 9/26/2014 5:01 PM, Bryan Drewery wrote:
On 9/26/2014 12:41 PM, Bryan Drewery wrote:
On 9/26/2014 11:51 AM, Bryan Drewery wrote:
On 9/26/2014 11:46 AM, Bartek Rutkowski wrote:
Apparently, the full fix is still not delivered, accordingly to this:
http://seclists.org/oss-sec/2014/q3/741
Kind regards,
Bartek Rutkowski
I'm pretty sure they call that a "feature". This is a bit different.
I've disabled environment function importing in the port. Using
--import-functions will allow it to work if you need it.
Hi Bryan,
With the latest ports, bashcheck still sees some issues with bash. Are
these false positives on FreeBSD ?
Using
https://raw.githubusercontent.com/hannob/bashcheck/master/bashcheck
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
./bashcheck: line 18: 54908 Segmentation fault (core dumped) bash
-c "true $(printf '<<EOF %.0s' {1..79})" 2> /dev/null
Vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Variable function parser inactive, likely safe from unknown parser bugs
---Mike
--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, m...@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
