Unfixed Code Execution Vulnerability CVE-2016-7543
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
bash (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
I think I must be missing something:
CVE-2016-7543 is a high-impact code execution vulnerability for bash.
https:/
The patch has been released for a few months, and is available as an upstream package in Debian: https:/
But I can't find any tracking of whether Canonical maintainers will or intend to release an updated package for the supported operating systems. I thought maybe it was fixed in a later release or is otherwise deemed to be not-applicable. But as far as I can tell, the issue is still open.
An open high danger (CVSS 3 Score: 8.4) CVE shows up on all our security scans. Is there any sanctioned way to address this? Is an updated package planned?
-- I previously asked this as a question and was told to report a security bug: https:/
information type: Private Security → Public Security
Status changed to 'Confirmed' because the bug affects multiple users.