From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <zsh-workers-return-33246-mason-zsh=primenet.com.au@zsh.org>
Received: (qmail 5360 invoked by alias); 25 Sep 2014 13:35:33 -0000
Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm
Precedence: bulk
X-No-Archive: yes
List-Id: Zsh Workers List <zsh-workers.zsh.org>
List-Post: <mailto:zsh-workers@zsh.org>
List-Help: <mailto:zsh-workers-help@zsh.org>
X-Seq: 33246
Received: (qmail 29093 invoked from network); 25 Sep 2014 13:35:31 -0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on f.primenet.com.au
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI,
	SPF_HELO_PASS autolearn=ham version=3.3.2
X-AuditID: cbfec7f5-b7f776d000003e54-a5-54241a21a83c
Date: Thu, 25 Sep 2014 14:35:28 +0100
From: Peter Stephenson <p.stephenson@samsung.com>
To: Boyan Penkov <boyan.penkov@gmail.com>, zsh-workers@zsh.org
Cc: Adrian Bradd <ab4042@columbia.edu>
Subject: Re: Shellshock in zsh
Message-id: <20140925143528.2651c2c2@pwslap01u.europe.root.pri>
In-reply-to: <9D3C0670-6D81-4DE9-8E34-49D5835C3EA8@gmail.com>
References: <9D3C0670-6D81-4DE9-8E34-49D5835C3EA8@gmail.com>
Organization: Samsung Cambridge Solution Centre
X-Mailer: Claws Mail 3.7.9 (GTK+ 2.22.0; i386-redhat-linux-gnu)
MIME-version: 1.0
Content-type: text/plain; charset=UTF-8
Content-transfer-encoding: quoted-printable
X-Brightmail-Tracker:
 H4sIAAAAAAAAA+NgFlrDLMWRmVeSWpSXmKPExsVy+t/xy7qKUiohBmd3C1lc+P+HyaJv2z9m
	i4PND5kcmD0+XtzC4rFz1l12j1UHPzAFMEdx2aSk5mSWpRbp2yVwZVxfcZul4DhHRc+uQ4wN
	jJ/Zuhg5OSQETCRu7ljBDGGLSVy4tx4ozsUhJLCUUWL7vEnMEE4/k0T3jL8sIFUsAqoSOzd2
	s4LYbAKGElM3zWYEsUUE7CQWNbwFizMLqEk8ezKXCcQWFpCT+DV/E9BUDg5eAXuJPxdTQMKc
	ArYS8+f1gpUICdhILNz8lB3E5hfQl7j69xMTxEH2EjOvnAEbzysgKPFj8j0WiPHqEpPmLWKG
	sLUlnry7wDqBUXAWkrJZSMpmISlbwMi8ilE0tTS5oDgpPddIrzgxt7g0L10vOT93EyMkhL/u
	YFx6zOoQowAHoxIPr4e/cogQa2JZcWXuIUYJDmYlEV4xfpUQId6UxMqq1KL8+KLSnNTiQ4xM
	HJxSDYzrrt/MOPDR8ueZZ/7LbwtWqe1tmmC5/rKUCcejtJPuE/2VX7VWbdzPErNNZ0ufTHje
	2tS8M97yIS0nhR8uX5Rd0frxpfGtzb729eWvDyy8N31FgvwFdnlTx9W93fvzo0W85PLPywlf
	/jvrvM+h6u/2LT8Vg+4naybPU3dM/HjI7uyPZrv32zSUWIozEg21mIuKEwGf3fqCPwIAAA==

On Thu, 25 Sep 2014 09:29:08 -0400
Boyan Penkov <boyan.penkov@gmail.com> wrote:
> I=E2=80=99m writing to ask about zsh and Shellshock.  Since bash is affec=
ted,
> is zsh affected as well?  Two of us took a look, and we think it may
> be.
>=20
> Specifically, following these steps =E2=80=94
> https://access.redhat.com/articles/1200223 =E2=80=94 in zsh 5.0.6 on OS 1=
0.9.5
> and zsh 5.0.2 on OS 10.9.4 yields the =E2=80=9Cvulnerable=E2=80=9D output.

No, it isn't.  See the existing thread starting at:

http://www.zsh.org/mla/workers/2014/msg01016.html

(Hmmm... as the "steps" involve executing bash I'd have thought it was
obvious you needed to try with bash -> zsh inside the command line, but
apparently it isn't.  Is there anyone from redhat not already running
round in circles that would be able to make that clearer?)

pws

--=20
Peter Stephenson <p.stephenson@samsung.com>  Principal Software Engineer
Tel: +44 (0)1223 434724                Samsung Cambridge Solution Centre
St John's House, St John's Innovation Park, Cowley Road,
Cambridge, CB4 0DS, UK