Thanks a lot. I got the 'command not found' with CVE-2014-7187 in patch
3.1.23. Most of blogs and websites are wrong.
2014-11-14 14:25 GMT+08:00 :
> Configuration Information [Automatically generated, do not change]:
> Machine: i686
> OS: linux-gnu
> Compiler: gcc
> Compilation CFLAGS: -DPROGRAM
On 11/14/14, 1:25 AM, yutingkao23@yutingkao23-desktop wrote:
> Bash Version: 3.1
> Patch Level: 23
> Release Status: release
>
> Description:
> Where I test `(for x in {1..200} ; do echo "for x$x in ; do :"; done;
> for x in {1..200} ; do echo done ; done) | bas$
> It shows
>
On 11/13/2014 11:25 PM, yutingkao23@yutingkao23-desktop wrote:
> Does bash-3.1 with patch 23 fix the CVE-2014-7187 already ?
Yes. Read the list archives. You are running a bogus test (and should
report it to whoever wrote it), as the test you are running is NOT a
test for the CVE vulnera
Configuration Information [Automatically generated, do not change]:
Machine: i686
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='i686'
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i686-pc-linux-gnu' -$
uname output: Linux yutingkao23-desktop 2.6.32-38-generic #83-
