[OE-core] bash: Fix CVE-2019-18276

Yu, Mingli Mingli.Yu at windriver.com
Wed Mar 4 01:14:27 UTC 2020


Thanks Chet very much for your confirmation!

If the commit fixs the CVE-2019-18276, why is it merged to the master branch?

Thanks,
Mingli
________________________________________
From: Chet Ramey [chet.ramey at case.edu]
Sent: Tuesday, March 03, 2020 9:55 PM
To: Yu, Mingli; Mittal, Anuj; richard.purdie at linuxfoundation.org; openembedded-core at lists.openembedded.org; Huo, De; preid at electromag.com.au; akuster808 at gmail.com
Cc: chet.ramey at case.edu
Subject: Re: [OE-core] bash: Fix CVE-2019-18276

On 3/2/20 10:11 PM, Yu, Mingli wrote:

> Does https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=951bdaad7a18cc0dc1036bba86b18b90874d39ff fix the issue reported in CVE-2019-18276? Could you help to provide some info here?

Yes, the changes from 6/27 fix the issue in the CVE.


--
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet at case.edu    http://tiswww.cwru.edu/~chet/


More information about the Openembedded-core mailing list