Ubuntu's QA and skills at patching
danimoth
danimoth at cryptolab.net
Mon Oct 13 06:35:57 PDT 2014
On 13/10/14 at 03:50pm, Georgi Guninski wrote:
> lol :)
>
> https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-September/002679.html
>
> USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the
> patch
> for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS
> package. This update fixes the problem.
>
> We apologize for the inconvenience.
Don't trust distro that do not use vanilla packages (like Debian, of
course).
Try to trust who build vanilla packages; usually developers know much
more on their software than an anonymous packager.
For example, I cite ArchLinux [1] where it is clear that they take
patches directly from [2].
Have a nice day
[1]
https://projects.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/bash&id=6faff0d7b1cc951d8bf949b142d070788a8f56e2
[2] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/
More information about the cypherpunks
mailing list