[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Shellshock-vulnerable version still most obvious on ftp.gnu.org
From: |
Eric Blake |
Subject: |
Re: Shellshock-vulnerable version still most obvious on ftp.gnu.org |
Date: |
Wed, 05 Nov 2014 15:20:13 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 |
On 11/05/2014 01:35 PM, Ian Jackson wrote:
> If you go to ftp://ftp.gnu.org/pub/gnu/bash/, the most obvious most
> recent version of bash is this:
> ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3.tar.gz
> ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3.tar.gz.sig
> The shellshock fix is hidden in a subdirectory:
> ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/
>
> This is not mentioned on the main bash webpage here:
> http://www.gnu.org/software/bash/
>
> Could there please be a new full tarball release of the patched
> version ?
There has never been a full tarball release of any other official patch;
so I'm not holding my breath that Chet's release process is going to
change. However, making it more obvious on the main webpage that EVERY
tarball needs to be augmented by the current set of official patches
would be a worthwhile improvement to that web page.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature