IRC Logs for #crux-devel Friday, 2014-09-26

Romster: this vulnerability has apparently been lurking in the Bash shell for years. 02:46
Romster: we aren't using any CGI scripts on crux.nu are we? 02:51
*** mavrick61 has quit IRC 03:01
*** mavrick61 has joined #crux-devel 03:02
teK__: not that I'd have seen 06:30
Romster: heartbleed now shellshock do i dare ask what's next 08:14
frinnst: http://seclists.org/oss-sec/2014/q3/att-690/eol-pushback.patch 09:05
frinnst: fixes it, along with the previous patch 09:05
frinnst: http://seclists.org/oss-sec/2014/q3/734 09:06
frinnst: proper patches 09:06
frinnst: [oss-security] Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) 10:42
frinnst: awesome 10:42
teK__: lol 12:33
*** xetver has quit IRC 12:33
frinnst: doesn't seem like an issue though 12:34
*** xetver has joined #crux-devel 13:29
teK__: so we still lack a bash update, right? 15:10
jaeger: has the third vulnerability been fixed yet? 15:26
teK__: I thought there was a second update less than 47 hours ago 15:30
jaeger: I haven't looked into it today 15:30
frinnst: there's only two 15:34
frinnst: there is some debate how to deal with the 3rd issue, but it's due to a bash *feature* 15:34
teK__: so we included the second? 15:35
teK__: I thought this was younger than the commit from jue some 40 hours ago 15:35
teK__: http://seclists.org/oss-sec/2014/q3/734 15:37
teK__: is this your 'third' vuln.? 15:37
jaeger: http://seclists.org/oss-sec/2014/q3/741 15:38
teK__: yeah so jue's commit has been two days ago. (24th). My linked post (25th) talks from a patch tomorrow (i.e. 26th) 15:39
jaeger: ok 15:40
teK__: Testing patch 25 and 26 from Chet, it looks to me like this is still an incomplete fix. 15:40
teK__: i.e. there's two patches not even addressing the third possible vuln. 15:40
teK__: we have 25 only 15:40
teK__: http://crux.nu/gitweb/?p=ports/core.git;a=commit;h=552bb800c8979d746d1cb097252045954b149d36 15:40
teK__: that was quick 15:41
frinnst: just pushed it 15:41
frinnst: just got home :) 15:41
teK__: good frinnst 15:41
teK__: cherry-picking it for 3.0.. 15:50
*** novak__ has joined #crux-devel 15:57
*** novak has quit IRC 15:58
*** novak has joined #crux-devel 16:25
*** novak__ has quit IRC 16:25
*** nkris has joined #crux-devel 19:46
*** nrxtx has quit IRC 19:46
diverse: wow, they are finding more vulnerabilities in bash? 23:44
diverse: perhaps we might have to consider dash as a init scripting environment? 23:45
diverse: although it might as well have vulnerabilities too 23:46
