On Wed, 8 Oct 2014, Gregor Best wrote: > From: Gregor Best <[email protected]> > To: Jason Adams <[email protected]> > Cc: [email protected] > Date: Wed, 8 Oct 2014 08:57:53 > Subject: Re: ksh, csh same vulnerability as bash > > On Tue, Oct 07, 2014 at 10:05:57PM -0700, Jason Adams wrote: > > [...] > > So the question is, for those of us that have added the bash package, > > why is bash still vulnerable after all these weeks, when > > everyone else has fixed their bash packages? > > > > Just checked for updated pkg, today, and its still vulnerable. > > [...] > > I'm running current here, with bash-4.3.28 from packages. The > error seems fixed:
... There's been a couple of extra patches released: bash43-029 & bash43-030. For my sins I'm still on OpenBSD5.3 on a couple of antique laptops. Yes, I know OpenBSD5.3 isn't supported and I should upgrade. However I've tweaked the port for bash to include all the recent patches. So I'm now running: GNU bash, version 4.2.53(1)-release (i386-unknown-openbsd5.3) -- Dennis Davis <[email protected]>
