On 13/10/14 at 03:50pm, Georgi Guninski wrote:
lol :)
https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-September/00...
USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS package. This update fixes the problem.
We apologize for the inconvenience.
Don't trust distro that do not use vanilla packages (like Debian, of course). Try to trust who build vanilla packages; usually developers know much more on their software than an anonymous packager. For example, I cite ArchLinux [1] where it is clear that they take patches directly from [2]. Have a nice day [1] https://projects.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/bash&id=6faff0d7b1cc951d8bf949b142d070788a8f56e2 [2] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/