[Pkg-zsh-devel] Accepted zsh 4.3.17-1+deb7u2 (source all amd64) into oldoldstable
Markus Koschany
apo at debian.org
Sat Mar 31 21:30:26 UTC 2018
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 31 Mar 2018 22:56:22 +0200
Source: zsh
Binary: zsh zsh-doc zsh-static zsh-dev zsh-dbg
Architecture: source all amd64
Version: 4.3.17-1+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Zsh Maintainers <pkg-zsh-devel at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at debian.org>
Description:
zsh - shell with lots of features
zsh-dbg - shell with lots of features (debugging symbols)
zsh-dev - shell with lots of features (development files)
zsh-doc - zsh documentation - info/HTML format
zsh-static - shell with lots of features (static link)
Changes:
zsh (4.3.17-1+deb7u2) wheezy-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2018-1071: stack-based buffer overflow in the exec.c:hashcmd()
function. A local attacker could exploit this to cause a denial of service.
* Fix CVE-2018-1083: buffer overflow in the shell autocomplete
functionality. A local unprivileged user can create a specially crafted
directory path which leads to code execution in the context of the user who
tries to use autocomplete to traverse the before mentioned path. If the
user affected is privileged, this leads to privilege escalation.
Checksums-Sha1:
a7270a816f958e86400fdb1bbf0157f8ec42de57 2465 zsh_4.3.17-1+deb7u2.dsc
7470100ad2284c66d681bf1746989559b9b81405 153753 zsh_4.3.17-1+deb7u2.debian.tar.gz
e0d510c24bc5cb45c94202ee2f50dfb7241752ff 2568638 zsh-doc_4.3.17-1+deb7u2_all.deb
92d8362f932230b91be26b2d95529f620a668f6b 4916390 zsh_4.3.17-1+deb7u2_amd64.deb
650ce9ab55cdce32ac316021c17f3de195397403 1545410 zsh-dbg_4.3.17-1+deb7u2_amd64.deb
54aaae4974b06e117c9f8cc3242d83d76924a8aa 1018666 zsh-static_4.3.17-1+deb7u2_amd64.deb
399052ac85720c0b5167ccc744ef8b2f3e3b0cc2 84794 zsh-dev_4.3.17-1+deb7u2_amd64.deb
Checksums-Sha256:
209a6d7a26a33fb15cc6286a23bf4122f4df01e002e255ee433b2aa3383eb70a 2465 zsh_4.3.17-1+deb7u2.dsc
90f8555d12cd663701a6e3596796dd23baf54e4ae4384955120d6fc2991d67af 153753 zsh_4.3.17-1+deb7u2.debian.tar.gz
43c57f46e15671978c41538b28d743ef7f7a2b6668fec413d5483ade5c76d612 2568638 zsh-doc_4.3.17-1+deb7u2_all.deb
11e0123a7264c64f97432894e41380ed40c38175a4c7bb942a747490e40bae6b 4916390 zsh_4.3.17-1+deb7u2_amd64.deb
4fa01810e314a728599b2faa79a03048fa5765f859cd2a031d04bcd39bfba9dc 1545410 zsh-dbg_4.3.17-1+deb7u2_amd64.deb
a3495b3d203c8b886608c0fff7c13c774f8a52607971cc056d8f22eb48511676 1018666 zsh-static_4.3.17-1+deb7u2_amd64.deb
5c597bfef87fad58a6cfd236dd22cace720f68b02d675897cef7b3a130443fef 84794 zsh-dev_4.3.17-1+deb7u2_amd64.deb
Files:
27c069263e8103056ced8a7dfe21d103 2465 shells optional zsh_4.3.17-1+deb7u2.dsc
69a778f809f3532313ac89079c1486cc 153753 shells optional zsh_4.3.17-1+deb7u2.debian.tar.gz
e7bbb58e9fb933dfb47e9be410e5053d 2568638 doc optional zsh-doc_4.3.17-1+deb7u2_all.deb
71830927ddc31b4d2a1bd41658e60ba4 4916390 shells optional zsh_4.3.17-1+deb7u2_amd64.deb
c7df2bc2ad3e18352a46da0fed124976 1545410 debug extra zsh-dbg_4.3.17-1+deb7u2_amd64.deb
c97a3068a02f13f6f050790b7010df87 1018666 shells optional zsh-static_4.3.17-1+deb7u2_amd64.deb
a19950dc4dc41903e5d871e58a6e3e90 84794 libdevel optional zsh-dev_4.3.17-1+deb7u2_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlq/+zpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkLkcQALBeKS3jpQ2XuSEDze5j9yfFmAkHTjC+KBqJ
VTZEKjQt4JsXihrMROwKVTSZHs5XclNqaHhyNdlshdns/QqCKISomKqmEmil0CLz
C1s3OalHBGYqhRFMIZrBjAojD1hluZpNuf0S4k2bC63mv4Wfb3AVQ1BNcMMQatvA
j5t3sgexQVQ4gdk2qMdXy8m2FIMg5+LpFUmsZHRiL+XrPlVG0U4Rk/er5qUCRPJg
2jlxOMtEEC/mgyZAAENwz+yJGbvwWsRXmCWSzB7fAzkTkxD7vVz1jqBnSK1rjYZ7
E6paGyoPfjFoHkfoBBXdXdKF9mW+HUtFY89w6yDRkFMyh6hPJsS3aqjl2sduSPcu
RTlPpFXZVWp0Y8bPmhyb368zmmVo6y0l26iDNGclLblJNv1W9DPEx2wk2+Abskjy
gi1SkNO4UT15ntpfnYeq+YXQWBiFv4YjgIk19qP9y2nJMut0qoLfvD0vM+pVCs7V
F3BM1JwKl8O2MfnRes42/AUK421Fa0Id5+Ojv6dLMJvVZYC0WsAfM/PlazEaHQZP
fpbTSfid+aF4kVQ5EfUg/LS2g/brdQhyLYViSovHQwMjTZKxXzklyr+E86CWB5im
goSYT8U8AVknO6uWHdm5WMZvF5Zw3SfxTmwB6c9sBzefMNPOroQxuCLj588KfKDn
uO0MTsIA
=rJLj
-----END PGP SIGNATURE-----
More information about the Pkg-zsh-devel
mailing list