From owner-freebsd-security@FreeBSD.ORG Fri Sep 26 16:46:39 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B0AA79FE; Fri, 26 Sep 2014 16:46:39 +0000 (UTC) Received: from mail-qa0-x235.google.com (mail-qa0-x235.google.com [IPv6:2607:f8b0:400d:c00::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DD48662; Fri, 26 Sep 2014 16:46:39 +0000 (UTC) Received: by mail-qa0-f53.google.com with SMTP id cm18so6327796qab.40 for ; Fri, 26 Sep 2014 09:46:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type:content-transfer-encoding; bh=OR12KhxFS7zggStK0Fycepa90QWylIXgLEjP4ttNJDk=; b=ZJWrexnGsEu7op3/hYhmWQlaKx4BmikuBZBf5RiRnd2UwqpVzJQ3MEBi5xGudtWuvB U2LKQCWNOcWD9lf1H475ru9QsCYqWJWUNwHSd0Ao0/s3QBdGJhHftBe65YdXsxDIYQa/ /iJZhe9i2ajR95OeEsL06FsmbGQ93bwYPaZn7Ob7YxLLz2nsuDvr5qFl5yYHAi/d1lvQ byUjdpdoD2PF+DVYAHp0ewiLzh7socngCyn3I4jz4iyf7cnlqcvCg8TifeWalY57Y/wd lgVGjDUbg3pBi1kzgByoRI7uIMZ7TEZklorjJI82Gle6vbU3kYa+3GL529MOijJFvbur sxMA== MIME-Version: 1.0 X-Received: by 10.224.80.10 with SMTP id r10mr8284748qak.24.1411749998268; Fri, 26 Sep 2014 09:46:38 -0700 (PDT) Sender: spankthespam@gmail.com Received: by 10.229.203.72 with HTTP; Fri, 26 Sep 2014 09:46:38 -0700 (PDT) In-Reply-To: <542596E3.3070707@FreeBSD.org> References: <00000148ab969845-5940abcc-bb88-4111-8f7f-8671b0d0300b-000000@us-west-2.amazonses.com> <54243F0F.6070904@FreeBSD.org> <54244982.8010002@FreeBSD.org> <16EB2C50-FBBA-4797-83B0-FB340A737238@circl.lu> <542596E3.3070707@FreeBSD.org> Date: Fri, 26 Sep 2014 18:46:38 +0200 X-Google-Sender-Auth: u7mkMRnyFWZDA2S6B0fKRl_KT5o Message-ID: Subject: Re: bash velnerability From: Bartek Rutkowski To: Bryan Drewery Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security , freebsd-ports X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Sep 2014 16:46:39 -0000 On Fri, Sep 26, 2014 at 6:40 PM, Bryan Drewery wrote= : > On 9/26/2014 2:36 AM, Steve Clement wrote: >> Dear all, >> >> In case you urgently need to go the manual route, here is one way to rea= lly patch your systems: >> >> https://www.circl.lu/pub/tr-27/ >> >> Until the patch is in the bash upstream=E2=80=A6 (which it might be by n= ow) >> >> Take care, >> > > The port has had the fixes since yesterday. The packages are building. > > -- > Regards, > Bryan Drewery > Apparently, the full fix is still not delivered, accordingly to this: http://seclists.org/oss-sec/2014/q3/741 Kind regards, Bartek Rutkowski