[OE-core] bash: Fix CVE-2019-18276

Mittal, Anuj anuj.mittal at intel.com
Tue Mar 3 23:49:59 UTC 2020


On Tue, 2020-03-03 at 03:11 +0000, Yu, Mingli wrote:
> Hi Anuj,
> 
> I agree the Backport status is not accurate as the patch doesn't go
> to master branch, but why do you say the patch is irrelevant to the
> CVE-2019-18276, could you help to provide more info?

I didn't say that the patch was irrelevant to the CVE. I had said that
not all the changes were relevant. I believe the glob changes in the
patch were irrelevant. Those changes also introduced a failure in bash
ptests.

Thanks,

Anuj


More information about the Openembedded-core mailing list