ubuntu/+source/bash:applied/ubuntu/trusty-devel

Last commit made on 2017-05-17
Get this branch:
git clone -b applied/ubuntu/trusty-devel https://git.launchpad.net/ubuntu/+source/bash
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/trusty-devel
Repository:
lp:ubuntu/+source/bash

Recent commits

72128ea... by Marc Deslauriers on 2017-05-16

Import patches-applied version 4.3-7ubuntu1.7 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 870c5b6c76c141764cad229c667795927e371a0a
Unapplied parent: 1b582ad66fe7b3ee89b015796b47485678c6fe72

New changelog entries:
  * SECURITY UPDATE: word expansions on the prompt strings (LP: #1507025)
    - debian/patches/bash43-047.diff: add quoting to parse.y, y.tab.c.
    - CVE-2016-0634
  * SECURITY UPDATE: code execution via crafted SHELLOPTS and PS4
    (LP: #1689304)
    - debian/patches/bash43-048.diff: check for root in variables.c.
    - CVE-2016-7543
  * SECURITY UPDATE: restricted shell bypass via use-after-free
    - debian/patches/bash44-006.diff: check for negative offsets in
      builtins/pushd.def.
    - CVE-2016-9401

1b582ad... by Marc Deslauriers on 2017-05-16

Out-of-range negative offsets to popd can cause the shell to crash attempting

Gbp-Pq: bash44-006.diff.

b61a223... by Marc Deslauriers on 2017-05-16

If a malicious user can inject a value of $SHELLOPTS containing `xtrace'

Gbp-Pq: bash43-048.diff.

3318123... by Marc Deslauriers on 2017-05-16

Bash performs word expansions on the prompt strings after the special

Gbp-Pq: bash43-047.diff.

0dc5118... by Marc Deslauriers on 2017-05-16

When the readline `revert-all-at-newline' option is set, pressing newline

Gbp-Pq: bash-readline-revert.diff.

d6ea6c3... by Marc Deslauriers on 2017-05-16

A combination of nested command substitutions and function importing from

Gbp-Pq: CVE-2014-6278.diff.

f5e84d2... by Marc Deslauriers on 2017-05-16

When bash is parsing a function definition that contains a here-document

Gbp-Pq: CVE-2014-6277.diff.

0f6d199... by Marc Deslauriers on 2017-05-16

There are two local buffer overflows in parse.y that can cause the shell

Gbp-Pq: CVE-2014-718x.diff.

587307b... by Marc Deslauriers on 2017-05-16

This patch changes the encoding bash uses for exported functions to avoid

Gbp-Pq: variables-affix.diff.

6107de5... by Marc Deslauriers on 2017-05-16

Under certain circumstances, bash can incorrectly save a lookahead character and

Gbp-Pq: CVE-2014-7169.diff.