#45150: bash 4.3.24_0 critical security update -------------------------+---------------------- Reporter: hahn.seb@… | Owner: raimue@… Type: defect | Status: closed Priority: Normal | Milestone: Component: ports | Version: Resolution: fixed | Keywords: haspatch Port: bash | -------------------------+---------------------- Comment (by johndouthat@…): After installing 4.3.25 from MacPorts, bash still seems to be vulnerable {{{ ~ $ echo $BASH_VERSION 4.3.25(1)-release ~ $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" vulnerable this is a test }}} I expected to see something like this: (from a patched Ubuntu 12.04 machine) {{{ ~$ echo $BASH_VERSION 4.2.25(1)-release ~$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' this is a test }}} -- Ticket URL: <https://trac.macports.org/ticket/45150#comment:3> MacPorts <http://www.macports.org/> Ports system for OS X