Yesterday a serious Bash vulnerability was disclosed, which led to the creation of the bash-cve-2014-6271 branch which is now half built:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271 http://seclists.org/oss-sec/2014/q3/650 http://hydra.gnu.org/jobset/gnu/bash-cve-2014-6271 However, a few hours later, the fix was found to be incomplete: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169 Currently a patch has been posted by the Bash maintainer, but there have been no reactions yet, and it’s not on ftp.gnu.org yet: http://seclists.org/oss-sec/2014/q3/690 We’ll apply it when as soon as there’s some confirmation that it does solve the problem, and get Hydra to rebuild the whole thing. We’ll merge the branch as soon as a reasonable subset has been built. Ludo’.
signature.asc
Description: PGP signature
