Comment 8 for bug 1373781

Hi,

Red Hat released new packages at https://rhn.redhat.com/errata/RHSA-2014-1306.html, that include fix for CVE-2014-7169, and they fixed with another way, and another problems (OOB memory access).

We can investigate from RH SRPM, http://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bash-4.1.2-15.el6_5.2.src.rpm

IMHO, Red Hat fix included 3 patches.
 - bash-4.2-cve-2014-7169-0.patch : parser bug fix-A for CVE-2014-7169 (same as http://seclists.org/oss-sec/2014/q3/685 )
 - bash-4.2-cve-2014-7169-1.patch : introduce variable isolation in function import situation. another fix for CVE-2014-7169. this is new patch.
 - bash-4.2-cve-2014-7169-2.patch : OOB memory access(new problem) fix.

They probosed these new patches at http://www.openwall.com/lists/oss-security/2014/09/25/32 .

I make a proposition about that, could we apply these new patches? or they are not important?