Marc, I've just upgraded to 4.3.7-ubuntu1.2 in trusty (https://launchpad.net/ubuntu/+source/bash/4.3-7ubuntu1.2) which I assume was supposed to protect against the test case provided for CVE-2014-7169. It doesn't appear to have done so. Confirmed that the upgrade was successfully applied.
harry@mars:~ aptitude show bash | egrep '^Version'
Version: 4.3-7ubuntu1.2
Marc, I've just upgraded to 4.3.7-ubuntu1.2 in trusty (https:/ /launchpad. net/ubuntu/ +source/ bash/4. 3-7ubuntu1. 2) which I assume was supposed to protect against the test case provided for CVE-2014-7169. It doesn't appear to have done so. Confirmed that the upgrade was successfully applied.
harry@mars:~ aptitude show bash | egrep '^Version'
Version: 4.3-7ubuntu1.2
harry@mars:~$ md5sum /bin/bash Downloads/ bash_4. 3-7ubuntu1. 2_amd64/ bin/bash e113a5794d54b73 2a /bin/bash e113a5794d54b73 2a Downloads/ bash_4. 3-7ubuntu1. 2_amd64/ bin/bash
3c263963be49239
3c263963be49239
harry@mars:~$ cat echo
cat: echo: No such file or directory
harry@mars:~$ env -i X='() { (a)=>\' bash -c 'echo date'
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
harry@mars:~$ cat echo
Fri Sep 26 00:38:09 BST 2014