BASH PATCH REPORT ================= Bash-Release: 4.4 Patch-ID: bash44-013 Bug-Reported-by: Siteshwar Vashisht Bug-Reference-ID: <1508861265.9523642.1484659442561.JavaMail.zimbra@redhat.com> Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2017-01/msg00026.html Bug-Description: If a here-document contains a command substitution, the command substitution can get access to the file descriptor used to write the here-document. Patch (apply with `patch -p0'): *** ../bash-4.4-patched/redir.c 2016-06-02 20:22:24.000000000 -0400 --- redir.c 2017-01-17 13:23:40.000000000 -0500 *************** *** 470,473 **** --- 467,472 ---- } + SET_CLOSE_ON_EXEC (fd); + errno = r = 0; /* XXX */ /* write_here_document returns 0 on success, errno on failure. */ *** ../bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400 --- patchlevel.h 2016-10-01 11:01:28.000000000 -0400 *************** *** 26,30 **** looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 12 #endif /* _PATCHLEVEL_H_ */ --- 26,30 ---- looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 13 #endif /* _PATCHLEVEL_H_ */