Date:      Fri, 26 Sep 2014 21:42:21 +0000 (UTC)
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r369349 - head
Message-ID:  <201409262142.s8QLgM4f005281@svn.freebsd.org>

Author: bdrewery
Date: Fri Sep 26 21:42:21 2014
New Revision: 369349
URL: http://svnweb.freebsd.org/changeset/ports/369349
QAT: https://qat.redports.org/buildarchive/r369349/

Log:
  Reword bash entry a bit

Modified:
  head/UPDATING

Modified: head/UPDATING
==============================================================================
--- head/UPDATING	Fri Sep 26 21:32:03 2014	(r369348)
+++ head/UPDATING	Fri Sep 26 21:42:21 2014	(r369349)
@@ -10,10 +10,11 @@ you update your ports collection, before
   AUTHOR: bdrewery@FreeBSD.org
 
   Bash supports a feature of exporting functions in the environment with
-  export -f.  Running bash with exported functioned in the environment will
-  then import those functions into the environment.  This resulted in
-  security issues CVE-2014-6271 and CVE-2014-7169, commonly known as
-  "shellshock".
+  export -f.  Running bash with exported functions in the environment will
+  then import those functions into the environment of the script being ran.
+  This resulted in security issues CVE-2014-6271 and CVE-2014-7169, commonly
+  known as "shellshock".  It also can result in poorly written scripts being
+  tricked into running arbitrary commands.  
 
   To fully mitigate against this sort of attack we have applied a non-upstream
   patch to disable this functionality by default.  You can execute bash
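Review bot: "into the environment of the script being ran" in the second added line should read "being run", and the last added line ("tricked into running arbitrary commands.  ") ends in trailing whitespace that should be dropped. "It also can result" reads better as "It can also result". The new sentence about "poorly written scripts" also leaves an administrator without anything to check: consider saying in a few words what makes a script exposed to imported functions, so that the reason for disabling the feature by default (described in the following paragraph) is clear from the entry itself.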


