[Pkg-zsh-devel] Multiple vulnerabilities in stable zsh package?

Nathan Dorfman ndorf at rtfm.net
Sat Sep 29 21:26:45 BST 2018


On Fri, Sep 28, 2018 at 08:18:40AM +0200, Yves-Alexis Perez wrote:
> Hi Nathan,
> 
> you can see the security status of zsh here:
> 
> https://security-tracker.debian.org/tracker/source-package/zsh
> 
> Basically all the issues have been marked as unimportant or no-dsa. They might
> qualify for a stable update but it's up to the maintainers to request that
> from the release team.

Thanks for this information, I didn't kow about this security tracker page.

Do you happen to know why these would be deemed unimportant? Several of them
lead to local priveledge escalation, which seems pretty bad for any multi-user
system.

-nd.



More information about the Pkg-zsh-devel mailing list