svn commit: r369349 - head
Bryan Drewery
bdrewery at FreeBSD.org
Fri Sep 26 21:42:22 UTC 2014
Author: bdrewery
Date: Fri Sep 26 21:42:21 2014
New Revision: 369349
URL: http://svnweb.freebsd.org/changeset/ports/369349
QAT: https://qat.redports.org/buildarchive/r369349/
Log:
Reword bash entry a bit
Modified:
head/UPDATING
Modified: head/UPDATING
==============================================================================
--- head/UPDATING Fri Sep 26 21:32:03 2014 (r369348)
+++ head/UPDATING Fri Sep 26 21:42:21 2014 (r369349)
@@ -10,10 +10,11 @@ you update your ports collection, before
AUTHOR: bdrewery at FreeBSD.org
Bash supports a feature of exporting functions in the environment with
- export -f. Running bash with exported functioned in the environment will
- then import those functions into the environment. This resulted in
- security issues CVE-2014-6271 and CVE-2014-7169, commonly known as
- "shellshock".
+ export -f. Running bash with exported functions in the environment will
+ then import those functions into the environment of the script being ran.
+ This resulted in security issues CVE-2014-6271 and CVE-2014-7169, commonly
+ known as "shellshock". It also can result in poorly written scripts being
+ tricked into running arbitrary commands.
To fully mitigate against this sort of attack we have applied a non-upstream
patch to disable this functionality by default. You can execute bash
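Review bot: In the added text, "the script being ran" should be "the script being run", and the new closing sentence ("poorly written scripts being tricked into running arbitrary commands") does not say what makes a script susceptible, so a reader cannot tell whether their own scripts are affected. Suggest naming the condition in one clause (for example, if this is the mechanism meant, that an imported function can take the place of a command the script calls by name). The phrase "import those functions into the environment of the script" also repeats "environment" for two different things: the functions arrive in the environment and end up defined as functions in the script being run, and wording it that way would make the risk clearer.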
More information about the svn-ports-all
mailing list