oss-sec mailing list archives

Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash)

From: Eric Blake <eblake () redhat com>
Date: Mon, 06 Oct 2014 09:03:46 -0600

On 10/05/2014 08:11 AM, David A. Wheeler wrote:

Everyone: Thank you VERY MUCH for your timeline corrections and additions on shellshock.

My updated document is here:
  http://www.dwheeler.com/essays/shellshock.html
The updated timeline is here:
  http://www.dwheeler.com/essays/shellshock.html#timeline


You list the release of bash43-026 twice, ten hours apart.

You should add the recent release of bash43-030 for CVE-2014-6278:

https://lists.gnu.org/archive/html/bug-bash/2014-10/msg00040.html
5 Oct 2014 19:06:06 -0400

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash), (continued)
- Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Kobrin, Eric (Oct 03)
  - Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Stephane Chazelas (Oct 03)
    - Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Kobrin, Eric (Oct 03)
    - Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Riot (Oct 03)
    - Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Riot (Oct 03)
    - Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Stephane Chazelas (Oct 04)
    - Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Hanno Böck (Oct 04)
    - Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Steve Jones (Oct 04)
    - Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Lance Davis (Oct 04)
    - Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) David A. Wheeler (Oct 05)
    - Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Eric Blake (Oct 06)
- Re: Shellshock timeline Stephane Chazelas (Oct 03)
  - Re: Shellshock timeline Stephane Chazelas (Oct 03)
    - Stéphane Chazelas: How *DID* you find Shellshock? David A. Wheeler (Oct 08)
    - Re: Stéphane Chazelas: How *DID* you find Shellshock? stephane.chazelas (Oct 08)
- Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Eric Blake (Oct 03)
  - Re: Shellshock timeline Eric Blake (Oct 03)
- Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Riot (Oct 04)