Just FYI, if this were really a critical security issue, this is not how you
should disclose it:

https://www.reddit.com/r/netsec/comments/3h997d/bash_integer_overflow/

You have to first contact the maintainer in private, make sure the issue is
acknowleged, fixed, and that the fix is available to most Bash users *before*
disclosing anything.

This just strikes me as a way to make yourself publicity. If you really want to
help to fix Bash, instead of just complaining about some odd looking comments,
provide patches...

-- 
Eduardo Bustamante
https://dualbus.me/

Reply via email to