[OE-core] bash: Fix CVE-2019-18276
Mittal, Anuj
anuj.mittal at intel.com
Tue Mar 3 23:49:59 UTC 2020
On Tue, 2020-03-03 at 03:11 +0000, Yu, Mingli wrote:
> Hi Anuj,
>
> I agree the Backport status is not accurate as the patch doesn't go
> to master branch, but why do you say the patch is irrelevant to the
> CVE-2019-18276, could you help to provide more info?
I didn't say that the patch was irrelevant to the CVE. I had said that
not all the changes were relevant. I believe the glob changes in the
patch were irrelevant. Those changes also introduced a failure in bash
ptests.
Thanks,
Anuj
More information about the Openembedded-core
mailing list