JM Marcastel

icon indicating a website link https://marcastel.com

icon company @ISLEcode icon location Switzerland

Results 23 comments of JM Marcastel

CVE-2019-14868

Well that's good news... you have the stable suff then :-) Apple updates can safely be applied too. As for the possible vulnerability, further investigation needs to be done. However...

CVE-2019-14868

Thanks for the heads up @kdudka. Against which source code are the aforementioned patches applied? The [specs file](https://git.centos.org/rpms/ksh/blob/859d0e11b5c270181c2f49e885b6c1924ab40915/f/SPECS/ksh.spec) points to stale http://www.research.att.com URLs (but does reference [the patch](https://git.centos.org/rpms/ksh/blob/859d0e11b5c270181c2f49e885b6c1924ab40915/f/SPECS/ksh.spec#_196) you mentioned).

CVE-2019-14868

So this patch was added [7 days ago](https://git.centos.org/rpms/ksh/c/859d0e11b5c270181c2f49e885b6c1924ab40915?branch=859d0e11b5c270181c2f49e885b6c1924ab40915). And (at least by the filenames) seems to be applied to _original_ AT&T tarballs and not against clones of GitHub's att/ast repository....