This bug was fixed in the package bash - 4.3-15ubuntu1.1
--------------- bash (4.3-15ubuntu1.1) yakkety-security; urgency=medium
* SECURITY UPDATE: word expansions on the prompt strings (LP: #1507025) - debian/patches/bash43-047.diff: add quoting to parse.y, y.tab.c. - CVE-2016-0634 * SECURITY UPDATE: code execution via crafted SHELLOPTS and PS4 (LP: #1689304) - debian/patches/bash43-048.diff: check for root in variables.c. - CVE-2016-7543 * SECURITY UPDATE: restricted shell bypass via use-after-free - debian/patches/bash44-006.diff: check for negative offsets in builtins/pushd.def. - CVE-2016-9401
-- Marc Deslauriers <email address hidden> Tue, 16 May 2017 07:44:56 -0400
This bug was fixed in the package bash - 4.3-15ubuntu1.1
---------------
bash (4.3-15ubuntu1.1) yakkety-security; urgency=medium
* SECURITY UPDATE: word expansions on the prompt strings (LP: #1507025) patches/ bash43- 047.diff: add quoting to parse.y, y.tab.c. patches/ bash43- 048.diff: check for root in variables.c. patches/ bash44- 006.diff: check for negative offsets in pushd.def.
- debian/
- CVE-2016-0634
* SECURITY UPDATE: code execution via crafted SHELLOPTS and PS4
(LP: #1689304)
- debian/
- CVE-2016-7543
* SECURITY UPDATE: restricted shell bypass via use-after-free
- debian/
builtins/
- CVE-2016-9401
-- Marc Deslauriers <email address hidden> Tue, 16 May 2017 07:44:56 -0400