On Tue, Oct 07, 2014 at 10:05:57PM -0700, Jason Adams wrote:
> [...]
> So the question is, for those of us that have added the bash package,
> why is bash still vulnerable after all these weeks, when everyone else has
> fixed
> their bash packages?
>
> Just checked for updated pkg, today, and its still vulnerable.
> [...]
I'm running current here, with bash-4.3.28 from packages. The error
seems fixed:
$ env x="() { :; }; echo fnord" bash -c 'echo whee'
whee
$
Looks good to me. Are you running 5.5? Then the mtier packages are
probably a good idea.
--
Gregor Best
