Additional security patches for bash in 11.4 Evergreen?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Additional security patches for bash in 11.4 Evergreen?

Andrew Chace
Hello,

I read the recent announcement regarding the end of maintenance for openSUSE 11.4 Evergreen. I really appreciate the patches for openSUSE-SU-2014:1238-1 (CVE-2014-6271) that were issued just after this announcement was made.

My question is as follows: Are there any plans to issue patches for related CVEs that were posted shortly after CVE-2014-6271 (for example, 6277, 6278, 7169, 7186, and 7187)?

Thanks,
-Andrew
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Additional security patches for bash in 11.4 Evergreen?

Marcus Meissner
On Wed, Oct 01, 2014 at 03:15:30PM +0000, Andrew Chace wrote:
> Hello,
>
> I read the recent announcement regarding the end of maintenance for openSUSE 11.4 Evergreen. I really appreciate the patches for openSUSE-SU-2014:1238-1 (CVE-2014-6271) that were issued just after this announcement was made.
>
> My question is as follows: Are there any plans to issue patches for related CVEs that were posted shortly after CVE-2014-6271 (for example, 6277, 6278, 7169, 7186, and 7187)?

For Evergreen 11.4, the evergreen team disabled this dangerous function
import over environment variables feature completely.

So it is no longer affected by those issues.

Ciao, Marcus
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: Additional security patches for bash in 11.4 Evergreen?

Andrew Chace
Ok, thank you for the clarification.

-Andrew

-----Original Message-----
From: Marcus Meissner [mailto:[hidden email]]
Sent: Wednesday, October 01, 2014 10:39 AM
To: Andrew Chace
Cc: [hidden email]
Subject: Re: [opensuse-security] Additional security patches for bash in 11.4 Evergreen?

On Wed, Oct 01, 2014 at 03:15:30PM +0000, Andrew Chace wrote:
> Hello,
>
> I read the recent announcement regarding the end of maintenance for openSUSE 11.4 Evergreen. I really appreciate the patches for openSUSE-SU-2014:1238-1 (CVE-2014-6271) that were issued just after this announcement was made.
>
> My question is as follows: Are there any plans to issue patches for related CVEs that were posted shortly after CVE-2014-6271 (for example, 6277, 6278, 7169, 7186, and 7187)?

For Evergreen 11.4, the evergreen team disabled this dangerous function import over environment variables feature completely.

So it is no longer affected by those issues.

Ciao, Marcus
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]