On 10/16/14, 5:02 PM, Dave Kalaluhi wrote:
> We have been compiling some of the older versions of bash to fix
> vulnerabilities, and for the most, has been working.
>
> However, when we patch the 013 patch for CVE-2014-7187, and run the
> nested loop, it's still showing as vulnerable.
>
> Has anyone else had a similiar experience?
Since the code that had the off-by-one error was not even in bash-2.05b,
I'm skeptical that it's vulnerable.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU [email protected] http://cnswww.cns.cwru.edu/~chet/
