On Mon, Nov 17, 2014 at 04:22:53PM +0000, Stephane Chazelas wrote:
> The real bug doesn't have a CVE attached to it because it's not
> a vulnerability or bug. It was "allowing the bash parser to be
> exposed to untrusted data", more a very unsafe design that was
> allowing any minor bug to turn into serious vulnerabilities.

Apparently I'm not very good at reading the vague, cryptic wording in these CVE reports. What I was trying to say originally was the same thing that you said; namely, that the real fix to all this mess is bash43-027 which changes the implementation of exported functions from foo='...' to BASH_FUNC_foo%%='...'.
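
The two encodings named in the message above, as an added example that is not part of the original e-mail: a shell function that labels a NAME/VALUE pair as a legacy function export, a bash43-027 style export, or plain data, plus a probe of whether the bash on PATH still imports the legacy form. The `() {` value prefix is how bash serializes an exported function; `classify_env`, `bash_imports_legacy`, `gr_probe` and the sample pairs are names and data constructed for this illustration.

```shell
#!/bin/sh
# Added example: how an environment entry is treated before and after bash43-027.

# classify_env NAME VALUE
# Prints: plain | legacy-funcdef | namespaced-funcdef
classify_env() {
    name=$1
    value=$2
    case $value in
        '() {'*) ;;                      # value carries the function-definition prefix
        *) echo plain; return 0 ;;       # ordinary data under either scheme
    esac
    case $name in
        # Post-027: only names of this shape are handed to the parser.
        BASH_FUNC_*%%) echo namespaced-funcdef ;;
        # Pre-027: any variable name with this prefix was parsed as code.
        *) echo legacy-funcdef ;;
    esac
}

# bash_imports_legacy
# Exit 0 if the bash on PATH still turns a plainly named variable into a
# function (i.e. it predates the BASH_FUNC_name%% encoding); non-zero otherwise.
bash_imports_legacy() {
    env 'gr_probe=() { :; }' bash -c 'type gr_probe' >/dev/null 2>&1
}

# Constructed sample pairs (not taken from any real system).
for pair in \
    'foo|() { echo hi; }' \
    'BASH_FUNC_foo%%|() { echo hi; }' \
    'UNTRUSTED_INPUT|() { :; }' \
    'PATH|/usr/bin:/bin'
do
    printf '%-20s %s\n' "${pair%%|*}" "$(classify_env "${pair%%|*}" "${pair#*|}")"
done

if bash_imports_legacy; then
    echo "bash imports functions from arbitrary variable names (pre-027 behaviour)"
else
    echo "bash ignores function definitions in plainly named variables"
fi
```

An entry reported as `legacy-funcdef` is one whose value a pre-027 bash would have passed to its parser regardless of the variable's name, which is the exposure the quoted text describes.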