#45162: bash @4.3.25: Vulnerable to code execution in environment variables (CVE-2014-7169) ------------------------+---------------------- Reporter: kost.hc@… | Owner: raimue@… Type: defect | Status: assigned Priority: High | Milestone: Component: ports | Version: 2.3.1 Resolution: | Keywords: Port: bash | ------------------------+---------------------- Comment (by raimue@…): I committed an update to bash @4.3.26 in r125830. I think at this point it also makes sense to also take the other patches from Debian, especially for the new issues CVE-2014-7186 and CVE-2014-7187. Clemens (cal@), what is the source of the patches you posted? I would like to add a proper "Upstream: <URL>" or "Origin: <URL>" attribution in the patch files so we can reconstruct where they came from originally. -- Ticket URL: <https://trac.macports.org/ticket/45162#comment:13> MacPorts <http://www.macports.org/> Ports system for OS X