Ubuntu
bash package

bash --version does not correspond to package name

Bug #1969856 reported by Casey Boettcher
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
bash (Ubuntu)
Won't Fix
Undecided
Unassigned

Bug Description

While investigating a potentially compromised system, I ran `bash --version` and got the following:

`GNU bash, version 4.4.20(1)-release (x86_64-pc-linux-gnu)`

Disquieting, given that I had just installed a package named `bash_4.4.18-2ubuntu1.3_amd64.deb`. I downloaded the `.deb` archive and, upon extracting it, checked its hash (SHA256) against the instance on my path. They were the same (`15d4469eb3da716fefcc0c395a5b1d1657ad0555ec3ae623e727bb0dfcee19cf`)--indicating, presumably, that I was running whatever version was in the `.deb` I'd just downloaded.

Why is the version reported by the binary different from the version used to denote the package?

See original description
Casey Boettcher (socketbox)
description: updated
Revision history for this message
Matthias Klose (doko) wrote :

bash upstream encodes the patchlevel into the version number, while patches and security fixes in Ubuntu are applied on top of the upstream version. That's expected behavior.

Changed in bash (Ubuntu):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.