bash: Fix for CVE-2014-6277

Follow up bash43-026 to parse properly function definitions in the values of environment variables, to not allow remote attackers to execute arbitrary code or to cause a denial of service. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277 Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
author: Catalin Popeanga <Catalin.Popeanga@enea.com> 2014-10-09 14:24:53 +0200
committer: Paul Eggleton <paul.eggleton@linux.intel.com> 2014-10-10 17:56:33 +0100
commit: 85961bcf81650992259cebb0ef1f1c6cdef3fefa (patch)
tree: ccaf004a34e671f00b24d2452f44ced060b9f9f2 /meta/recipes-extended/bash/bash_4.3.bb
parent: 153d1125659df9e5c09e35a58bd51be184cb13c1 (diff)
download: openembedded-core-85961bcf81650992259cebb0ef1f1c6cdef3fefa.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-extended/bash/bash_4.3.bb b/meta/recipes-extended/bash/bash_4.3.bb
index d7bfb98660..f36c6a1710 100644
--- a/meta/recipes-extended/bash/bash_4.3.bb
+++ b/meta/recipes-extended/bash/bash_4.3.bb
@@ -13,6 +13,7 @@ SRC_URI = "${GNU_MIRROR}/bash/${BPN}-${PV}.tar.gz;name=tarball \
            file://cve-2014-7169.patch \
            file://Fix-for-bash-exported-function-namespace-change.patch \
            file://cve-2014-7186_cve-2014-7187.patch \
+           file://cve-2014-6277.patch \
            file://run-ptest \
            "
author	Catalin Popeanga <Catalin.Popeanga@enea.com>	2014-10-09 14:24:53 +0200
committer	Paul Eggleton <paul.eggleton@linux.intel.com>	2014-10-10 17:56:33 +0100
commit	85961bcf81650992259cebb0ef1f1c6cdef3fefa (patch)
tree	ccaf004a34e671f00b24d2452f44ced060b9f9f2 /meta/recipes-extended/bash/bash_4.3.bb
parent	153d1125659df9e5c09e35a58bd51be184cb13c1 (diff)
download	openembedded-core-85961bcf81650992259cebb0ef1f1c6cdef3fefa.tar.gz