[cryptography] [OT] any updates on shellshock?

Jeremy Stanley fungi at yuggoth.org
Sat Oct 4 17:49:05 EDT 2014

On 2014-10-04 16:12:57 -0400 (-0400), Kevin wrote:
> Hello. I am wondering if we have any knew info on shellshock? How
> much of a threat is it at this point?

This is pretty off-topic as it has nothing whatsoever to do with
cryptography. You should check out the oss-security mailing list[1]
instead, which has several active discussion threads on that subject
at the moment. That said, it was basically all solved with the
prefix patch, and all the other related patches at this point are
just optional parser hardening fixes. The current state of
discussion is mostly putting together post-mortem timelines (the
most recent epiphany seems to be that the behavior was introduced 25
years ago in the 1.03 release and was at the time announced as a
positive feature).

> Patch Tuesday anyone?

Huh? You mean for Microsoft's "MS-Bash[TM]" fork?

[1] http://www.openwall.com/lists/oss-security/
Jeremy Stanley

More information about the cryptography mailing list