[Bug 1689304] Re: Unfixed Code Execution Vulnerability CVE-2016-7543
Hans Joachim Desserud
1689304 at bugs.launchpad.net
Mon May 8 17:20:09 UTC 2017
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-7543
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1689304
Title:
Unfixed Code Execution Vulnerability CVE-2016-7543
Status in bash package in Ubuntu:
New
Bug description:
I think I must be missing something:
CVE-2016-7543 is a high-impact code execution vulnerability for bash.
https://people.canonical.com/~ubuntu-
security/cve/2016/CVE-2016-7543.html Is listed as needed for
Precise/Trusty/Xenial.
The patch has been released for a few months, and is available as an
upstream package in debian: https://security-
tracker.debian.org/tracker/CVE-2016-7543
But I can't find any tracking of whether Canonical maintainers will or
intend to release an updated package for the supported operating
systems. I thought maybe it was fixed in a later release or is
otherwise deemed to be not-applicable. But as far as I can tell, the
issue is still open.
An open high danger (CVSS 3 Score: 8.4) CVE shows up on all our
security scans. Is there any sanctioned way to address this? Is an
updated package planned?
-- I previously asked this as a question and was told to report a
security bug:
https://answers.launchpad.net/ubuntu/+source/bash/+question/631268
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1689304/+subscriptions
More information about the foundations-bugs
mailing list