On Tue, Oct 07, 2014 at 10:05:57PM -0700, Jason Adams wrote: > [...] > So the question is, for those of us that have added the bash package, > why is bash still vulnerable after all these weeks, when everyone else has > fixed > their bash packages? > > Just checked for updated pkg, today, and its still vulnerable. > [...]
I'm running current here, with bash-4.3.28 from packages. The error seems fixed: $ env x="() { :; }; echo fnord" bash -c 'echo whee' whee $ Looks good to me. Are you running 5.5? Then the mtier packages are probably a good idea. -- Gregor Best