[Pkg-zsh-devel] Multiple vulnerabilities in stable zsh package?
Yves-Alexis Perez
corsac at debian.org
Sun Sep 30 12:58:07 BST 2018
On Sat, 2018-09-29 at 14:26 -0600, Nathan Dorfman wrote:
> On Fri, Sep 28, 2018 at 08:18:40AM +0200, Yves-Alexis Perez wrote:
> > Hi Nathan,
> >
> > you can see the security status of zsh here:
> >
> > https://security-tracker.debian.org/tracker/source-package/zsh
> >
> > Basically all the issues have been marked as unimportant or no-dsa. They might
> > qualify for a stable update but it's up to the maintainers to request that
> > from the release team.
>
> Thanks for this information, I didn't know about this security tracker page.
>
> Do you happen to know why these would be deemed unimportant? Several of them
> lead to local privilege escalation, which seems pretty bad for any multi-user
> system.

The rationale is usually explained in the specific CVE page. If you disagree
with the severity feel free to comment on the tracker public list
(https://lists.debian.org/debian-security-tracker/)

Regards,
--
Yves-Alexis