[CentOS-devel] Critical update for bash was released today.

Fri Sep 26 18:04:32 UTC 2014
Les Mikesell <lesmikesell at gmail.com>

On Fri, Sep 26, 2014 at 8:34 AM, Karanbir Singh <mail-lists at karan.org> wrote:
> On 09/25/2014 08:41 PM, Nico Kadel-Garcia wrote:
>
>> Thinking about it, the git CentOS repository could possibly be
>> vulnerable, depending on just how the git credentials are managed
>> there I'd urge a check.
>
> no shell out happens at git.centos.org
>
> gitweb however, is exposed. As is anything that does a system() call.
>

Looks like a 2nd bash update was released today along with some nss-*
packages.  Is it necessary to do the nss-*  update for this security
issue?

-- 
  Les Mikesell
     lesmikesell at gmail.com