l...@gnu.org (Ludovic Courtès) skribis: > <mark_weaver> the other three patches I'm aware of are: > http://seclists.org/oss-sec/2014/q3/att-690/eol-pushback.patch > (from Chet), > http://seclists.org/oss-sec/2014/q3/att-712/parse-oob-4_2.patch > (seems non-controversial), and > > http://seclists.org/oss-sec/2014/q3/att-712/variables-affix-4_2.patch > (more radical hardening, not fully compatible, but maybe still a > good idea) [09:40]
The ‘bash-cve-next’ branch applies the first two patches and is now being built: http://hydra.gnu.org/jobset/gnu/bash-cve-next Ludo’.
signature.asc
Description: PGP signature
