This page displays vulnerability information about FreeBSD Ports.
The last vuln.xml file processed by FreshPorts is:
nothing found there
These are the vulnerabilities relating to the commit you have selected:
|4a4e9f88-491c-11e4-ae2c-c80aa9043978||bash -- out-of-bounds memory access in parser|
RedHat security team reports:
|71ad81da-4414-11e4-a33e-3c970e169bc2||bash -- remote code execution vulnerability|
Chet Ramey reports:
The original fix released for CVE-2014-6271 was not adequate. A similar vulnerability was discovered and tagged as CVE-2014-7169.
gt 3.0 le 3.0.17
gt 3.1 le 3.1.18
gt 3.2 le 3.2.52
gt 4.0 le 4.0.39
gt 4.1 le 4.1.12
gt 4.2 le 4.2.48
gt 4.3 lt 4.3.25_1
|512d1301-49b9-11e4-ae2c-c80aa9043978||bash -- remote code execution|
Note that this is different than the public "Shellshock" issue.
Specially crafted environment variables could lead to remote arbitrary code execution. This was fixed in bash 4.3.27; however, the port was patched with a mitigation in 4.3.25_2.