[opensuse-security] Additional security patches for bash in 11.4 Evergreen?
Hello, I read the recent announcement regarding the end of maintenance for openSUSE 11.4 Evergreen. I really appreciate the patches for openSUSE-SU-2014:1238-1 (CVE-2014-6271) that were issued just after this announcement was made. My question is as follows: Are there any plans to issue patches for related CVEs that were posted shortly after CVE-2014-6271 (for example, 6277, 6278, 7169, 7186, and 7187)? Thanks, -Andrew -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
On Wed, Oct 01, 2014 at 03:15:30PM +0000, Andrew Chace wrote:
Hello,
I read the recent announcement regarding the end of maintenance for openSUSE 11.4 Evergreen. I really appreciate the patches for openSUSE-SU-2014:1238-1 (CVE-2014-6271) that were issued just after this announcement was made.
My question is as follows: Are there any plans to issue patches for related CVEs that were posted shortly after CVE-2014-6271 (for example, 6277, 6278, 7169, 7186, and 7187)?
For Evergreen 11.4, the evergreen team disabled this dangerous function import over environment variables feature completely. So it is no longer affected by those issues. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
Ok, thank you for the clarification. -Andrew -----Original Message----- From: Marcus Meissner [mailto:meissner@suse.de] Sent: Wednesday, October 01, 2014 10:39 AM To: Andrew Chace Cc: opensuse-security@opensuse.org Subject: Re: [opensuse-security] Additional security patches for bash in 11.4 Evergreen? On Wed, Oct 01, 2014 at 03:15:30PM +0000, Andrew Chace wrote:
Hello,
I read the recent announcement regarding the end of maintenance for openSUSE 11.4 Evergreen. I really appreciate the patches for openSUSE-SU-2014:1238-1 (CVE-2014-6271) that were issued just after this announcement was made.
My question is as follows: Are there any plans to issue patches for related CVEs that were posted shortly after CVE-2014-6271 (for example, 6277, 6278, 7169, 7186, and 7187)?
For Evergreen 11.4, the evergreen team disabled this dangerous function import over environment variables feature completely. So it is no longer affected by those issues. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
participants (2)
-
Andrew Chace -
Marcus Meissner