oss-sec mailing list archives

Re: Fwd: Non-upstream patches for bash

From: Roman Drahtmueller <draht () schaltsekun de>
Date: Sat, 27 Sep 2014 15:26:01 +0200 (CEST)


FWIW, I'm pretty sure I bumped into another bad-looking and probably
exploitable parser issue; for now, I sent the details privately to
Chet, Florian, and Alexander. But the bottom line is, the parser
really shouldn't be exposed to the outside world.


By way of exposing the parser to potentionally harmful content: Is the 
importing of functions the only occasion, or are there more than this?

Thanks,
Roman.

Current thread:

Fwd: Non-upstream patches for bash Huzaifa Sidhpurwala (Sep 25)
- Re: Fwd: Non-upstream patches for bash Solar Designer (Sep 25)
  - Re: Fwd: Non-upstream patches for bash Huzaifa Sidhpurwala (Sep 25)
    - Re: Fwd: Non-upstream patches for bash Michal Zalewski (Sep 25)
    - Re: Fwd: Non-upstream patches for bash Chet Ramey (Sep 25)
    - Re: Fwd: Non-upstream patches for bash Solar Designer (Sep 26)
    - Re: Fwd: Non-upstream patches for bash Solar Designer (Sep 26)
    - Re: Fwd: Non-upstream patches for bash Michal Zalewski (Sep 26)
    - Re: Fwd: Non-upstream patches for bash Roman Drahtmueller (Sep 27)
    - Re: Fwd: Non-upstream patches for bash Solar Designer (Sep 27)
    - Re: Fwd: Non-upstream patches for bash Roman Drahtmueller (Sep 27)
    - Re: Fwd: Non-upstream patches for bash Steve Jones (Sep 27)
    - Re: Fwd: Non-upstream patches for bash Michael Samuel (Sep 28)
    - Re: Fwd: Non-upstream patches for bash Sven Kieske (Sep 28)
    - Re: [langsec-discuss] [oss-security] Fwd: Non-upstream patches for bash Paul Burchard (Sep 29)
    - Re: Fwd: Non-upstream patches for bash Bernhard Hermann (Sep 29)
    - Re: Fwd: Non-upstream patches for bash Ed Prevost (Sep 29)
    - Re: Fwd: Non-upstream patches for bash Jakub Wilk (Sep 29)
    - Re: Fwd: Non-upstream patches for bash cve-assign (Sep 29)

(Thread continues...)