From owner-svn-ports-head@FreeBSD.ORG  Wed Oct  1 16:42:37 2014
Return-Path: <owner-svn-ports-head@FreeBSD.ORG>
Delivered-To: svn-ports-head@freebsd.org
Received: from hammer.pct.niksun.com (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 by hub.freebsd.org (Postfix) with ESMTP id D94D1C3B;
 Wed,  1 Oct 2014 16:42:36 +0000 (UTC)
Message-ID: <542C2EFC.6090302@FreeBSD.org>
Date: Wed, 01 Oct 2014 12:42:36 -0400
From: Jung-uk Kim <jkim@FreeBSD.org>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:31.0) Gecko/20100101 Thunderbird/31.1.2
MIME-Version: 1.0
To: Bryan Drewery <bdrewery@FreeBSD.org>, ports-committers@freebsd.org, 
 svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: Re: svn commit: r369684 - in head/shells/bash: . files
References: <201410010335.s913ZD6R006655@svn.freebsd.org>
In-Reply-To: <201410010335.s913ZD6R006655@svn.freebsd.org>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-head@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: SVN commit messages for the ports tree for head
 <svn-ports-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-head/>
List-Post: <mailto:svn-ports-head@freebsd.org>
List-Help: <mailto:svn-ports-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Oct 2014 16:42:37 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2014-09-30 23:35:13 -0400, Bryan Drewery wrote:
> Author: bdrewery Date: Wed Oct  1 03:35:12 2014 New Revision:
> 369684 URL: http://svnweb.freebsd.org/changeset/ports/369684 QAT:
> https://qat.redports.org/buildarchive/r369684/
> 
> Log: Add RedHat's patch for CVE-2014-7186, commonly known as
> "redir_stack" overflow, which has not been shown to be as critical
> as "shellshock" currently.
> 
> Security:	CVE-2014-7186

Thanks!

BTW, this patch also fixes CVE-2014-7187.

http://www.openwall.com/lists/oss-security/2014/09/26/2

FYI, 4.3 Patchlevel 27 fixed two more CVEs, i.e., CVE-2014-6277 and
CVE-2014-6278.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278

Jung-uk Kim
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJULC78AAoJEHyflib82/FGLU4H/1Rb5XpN9qjYr0np6lP+EIto
+k+NWSW8m2y0C6qL73sS0ceJUZRN91KUwNMk9/UN6J/i4DQI8a84wZCYrTRu87V7
/KUVm95qL90ZQHPlmHD7H/CTWF/UqAkfoDHBueFyp6imRH0soW5KulJ4m78SiNH1
iijnd5EQCURCuNGoPRcn+pcXXBBxhiQ/Cl81AN1Pcde0jGVw+M+H5xnLqxgJr+8/
IW4J5qMfSXTITKZc9ri8CU94lQurPFQ8dn2eVsPZN2e3SC237vSEXKYCnaxG6Ffh
ZWFuV83J3G7c2dBTdzSRq6hVKro48WKvzBecqmp4Og7AxBYuV4ysdoUz95oAyeY=
=HibU
-----END PGP SIGNATURE-----