-------------------------------------------------------------------------
Debian LTS Advisory DLA-2926-1                [email protected]
https://www.debian.org/lts/security/             Emilio Pozuelo Monfort
February 18, 2022                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : zsh
Version        : 5.3.1-4+deb9u5
CVE ID         : CVE-2021-45444

It was discovered that zsh, a powerful shell and scripting language,
did not prevent recursive prompt expansion. This would allow an
attacker to execute arbitrary commands in a user's shell, for
instance by tricking a vcs_info user into checking out a git branch
with a specially crafted name.

For Debian 9 stretch, this problem has been fixed in version
5.3.1-4+deb9u5.

We recommend that you upgrade your zsh packages.

For the detailed security status of zsh please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/zsh

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
