On Tue, Oct 07, 2014 at 10:05:57PM -0700, Jason Adams wrote:
> [...]
> So the question is, for those of us that have added the bash package,
> why is bash still vulnerable after all these weeks, when everyone else has 
> fixed
> their bash packages?
> 
> Just checked for updated pkg, today, and its still vulnerable.
> [...]

I'm running current here, with bash-4.3.28 from packages. The error
seems fixed:

        $ env x="() { :; }; echo fnord" bash -c 'echo whee'
        whee
        $

Looks good to me. Are you running 5.5? Then the mtier packages are
probably a good idea.

-- 
        Gregor Best

Reply via email to