Comment 4 for bug 1373781

Marc, I've just upgraded to 4.3.7-ubuntu1.2 in trusty (https://launchpad.net/ubuntu/+source/bash/4.3-7ubuntu1.2) which I assume was supposed to protect against the test case provided for CVE-2014-7169. It doesn't appear to have done so. Confirmed that the upgrade was successfully applied.

harry@mars:~ aptitude show bash | egrep '^Version'
Version: 4.3-7ubuntu1.2

harry@mars:~$ md5sum /bin/bash Downloads/bash_4.3-7ubuntu1.2_amd64/bin/bash
3c263963be49239e113a5794d54b732a /bin/bash
3c263963be49239e113a5794d54b732a Downloads/bash_4.3-7ubuntu1.2_amd64/bin/bash

harry@mars:~$ cat echo
cat: echo: No such file or directory

harry@mars:~$ env -i X='() { (a)=>\' bash -c 'echo date'
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'

harry@mars:~$ cat echo
Fri Sep 26 00:38:09 BST 2014