1
PublicDateAtUSN: 2017-03-27
2
Candidate: CVE-2017-5932
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5932
6
https://github.com/jheyens/bash_completion_vuln/raw/master/2017-01-17.bash_completion_report.pdf
7
https://usn.ubuntu.com/usn/usn-3294-1
9
The path autocompletion feature in Bash 4.4 allows local users to gain
10
privileges via a crafted filename starting with a " (double quote)
11
character and a command substitution metacharacter.
14
ratliff> introduced in the devel-branch in May 2015 according to report
21
upstream: https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-007
22
upstream_bash: released (4.4-3)
23
precise_bash: not-affected (code not present)
24
precise/esm_bash: not-affected (code not present)
25
trusty_bash: not-affected (code not present)
26
vivid/stable-phone-overlay_bash: not-affected (code not present)
27
vivid/ubuntu-core_bash: not-affected (code not present)
28
xenial_bash: not-affected (code not present)
29
yakkety_bash: not-affected (code not present)
30
zesty_bash: released (4.4-2ubuntu1.1)
31
devel_bash: released (4.4-5ubuntu1)