[Pkg-zsh-devel] Bug#894044: zsh: CVE-2018-1071
Salvatore Bonaccorso
carnil at debian.org
Sun Mar 25 19:03:16 UTC 2018
Source: zsh
Version: 5.4.2-3
Severity: normal
Tags: patch security upstream
Hi,
the following vulnerability was published for zsh.
CVE-2018-1071[0]:
| zsh through version 5.4.2 is vulnerable to a stack-based buffer
| overflow in the exec.c:hashcmd() function. A local attacker could
| exploit this to cause a denial of service.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-1071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1071
[1] https://sourceforge.net/p/zsh/code/ci/679b71ec4d852037fe5f73d35bf557b0f406c8d4
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Pkg-zsh-devel
mailing list