Package: zsh
Version: 4.3.4-26
Severity: important
Tags: security

Hi,
referring to https://bugs.gentoo.org/show_bug.cgi?id=201022 
the difflog.pl script shipped by zsh is prone to a symlink 
attack. I verified this is also the case in the Debian 
package of zsh.
I am waiting for a CVE id for this.
Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpvafjjBSrGp.pgp
Description: PGP signature



Reply via email to