Re: [Twisted-Python] Security Advisory: bash remote code execution

2014-09-25 Thread Glyph Lefkowitz
On Sep 25, 2014, at 8:09 AM, Matt Haggard wrote:
> >
> > Any web server which is serving traffic over a CGI or CGI-like interface
> > (including WSGI) should upgrade its version of Bash immediately.
> >
>
> I feel ignorant, but I'm confused about how WSGI is affected (and have failed
> to expl

Re: [Twisted-Python] Security Advisory: bash remote code execution

2014-09-25 Thread Matt Haggard
>
> Any web server which is serving traffic over a CGI or CGI-like interface
> (including WSGI) should upgrade its version of Bash immediately.
>
I feel ignorant, but I'm confused about how WSGI is affected (and have failed to exploit my WSGI app). AFAICT from reading the code, Twisted's WSGIReso

Re: [Twisted-Python] Security Advisory: bash remote code execution

2014-09-24 Thread Glyph
On Sep 24, 2014, at 7:26 PM, Alex Gaynor wrote:
> Please be aware that there are reports that the current patches do not
> completely solve the issue, it is likely that users will need to perform
> updates a second time. These reports are being tracked as CVE-2014-7169.
More information here:

[Twisted-Python] Security Advisory: bash remote code execution

2014-09-24 Thread Alex Gaynor
Hi all,
Today a security release of Bash was issued, fixing a critical vulnerability. This vulnerability allows an attacker to inject and execute arbitrary code on many web servers and other applications. This issue does not affect Twisted directly,