Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: bash (Ubuntu)
       Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1689304

Title:
  Unfixed Code Execution Vulnerability CVE-2016-7543

Status in bash package in Ubuntu:
  Confirmed

Bug description:
  I think I must be missing something:

  CVE-2016-7543 is a high-impact code execution vulnerability for bash.

  https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7543.html

  Is listed as needed for Precise/Trusty/Xenial.

  The patch has been released for a few months, and is available as an upstream package in Debian:

  https://security-tracker.debian.org/tracker/CVE-2016-7543

  But I can't find any tracking of whether Canonical maintainers will or intend to release an updated package for the supported operating systems.

  I thought maybe it was fixed in a later release or is otherwise deemed to be not-applicable. But as far as I can tell, the issue is still open.

  An open high danger (CVSS 3 Score: 8.4) CVE shows up on all our security scans. Is there any sanctioned way to address this? Is an updated package planned?

  --

  I previously asked this as a question and was told to report a security bug:

  https://answers.launchpad.net/ubuntu/+source/bash/+question/631268