Unfixed Code Execution Vulnerability CVE-2016-7543?

Asked by Luminousbit

I think I must be missing something:

CVE-2016-7543 is a high-impact code execution vulnerability for bash.

https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7543.html is listed as needed for Precise/Trusty/Xenial.

The patch has been released for a few months, and is available as an upstream package in Debian: https://security-tracker.debian.org/tracker/CVE-2016-7543

But I can't find any tracking of whether Canonical maintainers will or intend to release an updated package for the supported operating systems. I thought maybe it was fixed in a later release or is otherwise deemed to be not-applicable. But as far as I can tell, the issue is still open.

An open high danger (CVSS 3 Score: 8.4) CVE shows up on all our security scans. Is there any sanctioned way to address this? Is an updated package planned?

Question information

English
Ubuntu bash
No assignee
actionparsnip (andrew-woodhead666) said:

I suggest you report a bug. Mark it as a security bug.
