#45162: bash @4.3.25: Vulnerable to code execution in environment variables (CVE-2014-7169) ------------------------+---------------------- Reporter: kost.hc@… | Owner: raimue@… Type: defect | Status: assigned Priority: High | Milestone: Component: ports | Version: 2.3.1 Resolution: | Keywords: Port: bash | ------------------------+---------------------- Comment (by sierkb@…): Fix for CVE-2014-7169 is official and published by GNU Project: [http://ftp.gnu.org/gnu/bash/], patch 26 for Bash 4.3 [http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-026], see also [http://seclists.org/oss-sec/2014/q3/734]. Please update MacPorts' bash accordingly from 4.3.25 to this new patch level 4.3.26 as soon as possible. -- Ticket URL: <https://trac.macports.org/ticket/45162#comment:7> MacPorts <http://www.macports.org/> Ports system for OS X