author | bdrewery <bdrewery@FreeBSD.org> | 2014-10-02 06:12:11 +0800 |
---|---|---|
committer | bdrewery <bdrewery@FreeBSD.org> | 2014-10-02 06:12:11 +0800 |
commit | 8bce6e9b7dd65127b9885ba1f3a34f5e1cf9f91e (patch) | |
tree | c638a5dc9905bc9920513b21bd08e00f67d4c2bc /security | |
parent | 292f9ca047499f41693a1a4b007cc6724f9e9454 (diff) | |
- Document CVE-2014-7187 fixed in bash-4.3.27_1
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 1692cfd3ab7d..a52ba8e96cfa 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -105,11 +105,18 @@ Notes: possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code.</p> </blockquote> + <blockquote cite="https://access.redhat.com/security/cve/CVE-2014-7187"> + <p>An off-by-one error was discovered in the way Bash was handling + deeply nested flow control constructs. Depending on the layout of + the .bss segment, this could allow arbitrary execution of code that + would not otherwise be executed by Bash.</p> + </blockquote> </body> </description> <references> <url>https://access.redhat.com/security/cve/CVE-2014-7186</url> <cvename>CVE-2014-7186</cvename> + <cvename>CVE-2014-7187</cvename> </references> <dates> <discovery>2014-09-25</discovery> |
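Review bot: In the `<references>` block the new `<cvename>CVE-2014-7187</cvename>` has no matching `<url>`, while CVE-2014-7186 has both a `<url>` and a `<cvename>`. The added blockquote already cites `https://access.redhat.com/security/cve/CVE-2014-7187`, so I would add `<url>https://access.redhat.com/security/cve/CVE-2014-7187</url>` next to the existing one to keep the two CVEs symmetric. Separately, the diffstat shows 7 insertions and 0 deletions, all of them in this hunk, so the entry's affected version range and its `<dates>` block are unchanged by this commit. Since the commit message says the fix landed in bash-4.3.27_1, please confirm that the existing range already marks versions below 4.3.27_1 as vulnerable, and consider whether `<dates>` should carry a `<modified>` element for this amendment.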