BASH PATCH REPORT ================= Bash-Release: 4.4 Patch-ID: bash44-015 Bug-Reported-by: David Simmons Bug-Reference-ID: Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2017-02/msg00033.html Bug-Description: Process substitution can leak internal quoting to the parser in the invoked subshell. Patch (apply with `patch -p0'): *** ../bash-20170210/subst.c 2017-01-19 11:08:50.000000000 -0500 --- subst.c 2017-02-20 10:12:49.000000000 -0500 *************** *** 5907,5910 **** --- 5907,5912 ---- expanding_redir = 0; + remove_quoted_escapes (string); + subshell_level++; result = parse_and_execute (string, "process substitution", (SEVAL_NONINT|SEVAL_NOHIST)); *** ../bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400 --- patchlevel.h 2016-10-01 11:01:28.000000000 -0400 *************** *** 26,30 **** looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 14 #endif /* _PATCHLEVEL_H_ */ --- 26,30 ---- looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 15 #endif /* _PATCHLEVEL_H_ */