[OE-core] bash: Fix CVE-2019-18276
Yu, Mingli
Mingli.Yu at windriver.com
Wed Mar 4 01:14:27 UTC 2020
Thanks Chet very much for your confirmation!
If the commit fixs the CVE-2019-18276, why is it merged to the master branch?
Thanks,
Mingli
________________________________________
From: Chet Ramey [chet.ramey at case.edu]
Sent: Tuesday, March 03, 2020 9:55 PM
To: Yu, Mingli; Mittal, Anuj; richard.purdie at linuxfoundation.org; openembedded-core at lists.openembedded.org; Huo, De; preid at electromag.com.au; akuster808 at gmail.com
Cc: chet.ramey at case.edu
Subject: Re: [OE-core] bash: Fix CVE-2019-18276
On 3/2/20 10:11 PM, Yu, Mingli wrote:
> Does https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=951bdaad7a18cc0dc1036bba86b18b90874d39ff fix the issue reported in CVE-2019-18276? Could you help to provide some info here?
Yes, the changes from 6/27 fix the issue in the CVE.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU chet at case.edu http://tiswww.cwru.edu/~chet/
More information about the Openembedded-core
mailing list