Just FYI, if this were really a critical security issue, this is not how you should disclose it:
https://www.reddit.com/r/netsec/comments/3h997d/bash_integer_overflow/ You have to first contact the maintainer in private, make sure the issue is acknowleged, fixed, and that the fix is available to most Bash users *before* disclosing anything. This just strikes me as a way to make yourself publicity. If you really want to help to fix Bash, instead of just complaining about some odd looking comments, provide patches... -- Eduardo Bustamante https://dualbus.me/