25 Sep
2014
25 Sep
'14
16:47
On Thu, Sep 25, 2014 at 1:31 PM, Jason Craig <jc@jacraig.com> wrote:
On 09/25/2014 10:29 AM, marguerite wrote:
Someone said there's another hole in the fixed bash?
Yes, MITRE issued a new CVE (CVE-2014-7169) for issues remaining after the patch. I haven't heard any specific details as to what those issues might be.
So, I'm glad I decided to disable the AcceptEnv ;-) I wonder if one can configure ssh to validate the values in the environment variables? LANG variables don't need arbitrary stuff, just one of several possible locales -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org