diff -u bash-4.2/debian/changelog bash-4.2/debian/changelog
--- bash-4.2/debian/changelog
+++ bash-4.2/debian/changelog
@@ -1,3 +1,11 @@
+bash (4.2-2ubuntu2.3) precise-security; urgency=medium
+
+ * SECURITY UPDATE: incomplete fix for CVE-2014-6271
+ - debian/patches/CVE-2014-7169.diff: fix logic in bash/parse.y.
+ - CVE-2014-7169
+
+ -- Marc Deslauriers Thu, 25 Sep 2014 02:11:10 -0400
+
 bash (4.2-2ubuntu2.2) precise-security; urgency=medium
 
 * SECURITY UPDATE: incorrect function parsing
diff -u bash-4.2/debian/patches/series.in bash-4.2/debian/patches/series.in
--- bash-4.2/debian/patches/series.in
+++ bash-4.2/debian/patches/series.in
@@ -52,0 +53 @@
+CVE-2014-7169.diff
only in patch2:
unchanged:
--- bash-4.2.orig/debian/patches/CVE-2014-7169.diff
+++ bash-4.2/debian/patches/CVE-2014-7169.diff
@@ -0,0 +1,17 @@
+Description: fix incomplete CVE-2014-6271 update
+Author: Chet Ramey
+Origin: upstream, http://www.openwall.com/lists/oss-security/2014/09/25/10
+
+Index: bash-4.2/bash/parse.y
+===================================================================
+--- bash-4.2.orig/bash/parse.y 2014-09-25 02:09:45.791186206 -0400
++++ bash-4.2/bash/parse.y 2014-09-25 02:09:45.791186206 -0400
+@@ -2848,6 +2848,8 @@
+ FREE (word_desc_to_read);
+ word_desc_to_read = (WORD_DESC *)NULL;
+
++ eol_ungetc_lookahead = 0;
++
+ current_token = '\n'; /* XXX */
+ last_read_token = '\n';
+ token_to_read = '\n';
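Review bot: The added `eol_ungetc_lookahead = 0;` in the bash/parse.y hunk of debian/patches/CVE-2014-7169.diff carries no comment, so a reader cannot tell why this one variable joins the resets around it (`word_desc_to_read`, `current_token`, `last_read_token`, `token_to_read`). Judging by its name it holds a character pushed back at end of line, and leaving it set across a parser reset would presumably let a leftover byte from rejected input be read as the start of the next command, which fits the changelog's description of an incomplete fix for CVE-2014-6271. I would add `/* Discard any pushed-back character so input left over after a parse error cannot reach the next command (CVE-2014-7169). */` above the assignment. The enclosing function starts and ends outside the hunk, so whether other lookahead state needs the same reset cannot be checked from here; a regression test in the package asserting that nothing carries over after a syntax error would guard the fix against later patch refreshes.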