CVE-2014-6271 not listed in bash package changelog

Comments

This may seem minor, but the CVE-2014-6271 is not listed in the changelog for the latest bash package for RHEL 6.x.

https://access.redhat.com/downloads/content/rhel---6/x86_64/168/bash/4.1.2-15.el6_5.2/x86_64/fd431d51/package

2014-09-25 Ondrej Oprala <ooprala@redhat.com> - 4.1.2-15.2
    - CVE-2014-7169
    Resolves: #1146322
2014-09-15 Ondrej Oprala <ooprala@redhat.com - 4.1.2-15.1
    - Check for fishy environment
    Resolves: #1141645

'Check for fishy environment' is the fix for CVE-2014-6271 (as confirmed by the Bugzilla #) but CVE-2014-6271 is not listed.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6271

Can this be amended? It may help clear up some of the confusion around which packages fix the bash issues.

Started 2014-09-30T00:03:20+00:00 by

pixdrift ‏‏‎ ‎

Community Leader Guru 6730 points

Select Your Language

CVE-2014-6271 not listed in bash package changelog

Responses

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Responses

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links