26 Sep
2014
26 Sep
'14
8:26 p.m.
On 09/26/2014 01:04 PM, Les Mikesell wrote:
On Fri, Sep 26, 2014 at 8:34 AM, Karanbir Singh mail-lists@karan.org wrote:
On 09/25/2014 08:41 PM, Nico Kadel-Garcia wrote:
Thinking about it, the git CentOS repository could possibly be vulnerable, depending on just how the git credentials are managed there I'd urge a check.
no shell out happens at git.centos.org
gitweb however, is exposed. As is anything that does a system() call.
Looks like a 2nd bash update was released today along with some nss-* packages. Is it necessary to do the nss-* update for this security issue?
No, the nss is a different issue, but it is also rated as an 'Important' security update.