Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2016-9401

Source

Debian Bug report logs - #844727
bash: CVE-2016-9401: popd controlled free

Package: src:bash; Maintainer for src:bash is Matthias Klose <doko@debian.org>;

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 18 Nov 2016 13:51:02 UTC

Severity: normal

Tags: security, upstream

Found in version bash/4.3-11

Fixed in version bash/4.4-3

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://lists.gnu.org/archive/html/bug-bash/2016-11/msg00099.html

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthias Klose <doko@debian.org>:
Bug#844727; Package src:bash. (Fri, 18 Nov 2016 13:51:04 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthias Klose <doko@debian.org>. (Fri, 18 Nov 2016 13:51:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Source: bash
Version: 4.3-11
Severity: normal
Tags: security upstream

Hi Matthias,

the following vulnerability was published for bash. It apparently has
been as well already reported to upstream, but have not found a public
report on the bug-bash mailinglist. AFAIK Chet has not addedd a patch
for this yet.

CVE-2016-9401[0]:
popd controlled free

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9401
[1] http://www.openwall.com/lists/oss-security/2016/11/17/5

Regards,
Salvatore

Set Bug forwarded-to-address to 'https://lists.gnu.org/archive/html/bug-bash/2016-11/msg00099.html'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 29 Nov 2016 06:18:03 GMT) (full text, mbox, link).

Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Fri, 20 Jan 2017 18:48:07 GMT) (full text, mbox, link).

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 20 Jan 2017 18:48:07 GMT) (full text, mbox, link).

Message #12 received at 844727-done@bugs.debian.org (full text, mbox, reply):

Source: bash
Source-Version: 4.4-3

This has been fixed with the 4.4-3 upload by applying the bash44-006
patch.

https://ftp.gnu.org/pub/gnu/bash/bash-4.4-patches/bash44-006

Regards,
Salvatore

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 04 Mar 2017 07:28:25 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:25:15 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

bash: CVE-2016-9401: popd controlled free

Debian Bug report logs - #844727
bash: CVE-2016-9401: popd controlled free

Vulmon Search

About

Products

Connect

bash: CVE-2016-9401: popd controlled free

Debian Bug report logs - #844727 bash: CVE-2016-9401: popd controlled free

Vulmon Search

About

Products

Connect

Debian Bug report logs - #844727
bash: CVE-2016-9401: popd controlled free