On 09/26/2014 01:04 PM, Les Mikesell wrote: > On Fri, Sep 26, 2014 at 8:34 AM, Karanbir Singh <mail-lists at karan.org> wrote: >> On 09/25/2014 08:41 PM, Nico Kadel-Garcia wrote: >> >>> Thinking about it, the git CentOS repository could possibly be >>> vulnerable, depending on just how the git credentials are managed >>> there I'd urge a check. >> >> no shell out happens at git.centos.org >> >> gitweb however, is exposed. As is anything that does a system() call. >> > > Looks like a 2nd bash update was released today along with some nss-* > packages. Is it necessary to do the nss-* update for this security > issue? > No, the nss is a different issue, but it is also rated as an 'Important' security update. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20140926/b515a1bc/attachment-0008.sig>