-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 13 Feb 2022 19:16:43 +0100 Source: zsh Architecture: source Version: 5.7.1-1+deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian Zsh Maintainers <pkg-zsh-devel@lists.alioth.debian.org> Changed-By: Axel Beckert <abe@debian.org> Changes: zsh (5.7.1-1+deb10u1) buster-security; urgency=high . * [5931be85] Cherry-pick zsh 5.8.1 fixes for CVE-2021-45444 for Buster. * [1894b185] Update CVE-2021-45444 patches to fit NEWS, README and ChangeLog of the 5.7.1 upstream release. * [42c0fa26] Install new Etc/CVE-2021-45444-VCS_Info-workaround.patch into zsh-doc. It is not relevant for Debian's package but gives hints about CVE-2021-45444 mitigations on other platforms which aren't updated yet. * [ce21df9c] Update cherry-pick-CVE-2021-45444_2.patch to use a file name without blanks as actually used in the final 5.8.1 release. Checksums-Sha1: 450e8e5e17e95593fd7f4212ab666325541e40fc 2512 zsh_5.7.1-1+deb10u1.dsc b2fd47fdb878aa681edc974864e37baae9b0d6b7 2776796 zsh_5.7.1.orig.tar.xz 14a8d38d3fae5b8eec0b124be5c943a60c4e8fec 87028 zsh_5.7.1-1+deb10u1.debian.tar.xz 980a31a5158a61fd54f6be5d1128666b4ddbb9f6 10449 zsh_5.7.1-1+deb10u1_amd64.buildinfo Checksums-Sha256: f99e71e8fa6d76b276ace1f3903f45f91cdfb25fa16d70cbf5897fda01e09a72 2512 zsh_5.7.1-1+deb10u1.dsc 439aafb4341522c307a67a2680e95fadb1b35a5c7f332089b9cc5154496570ca 2776796 zsh_5.7.1.orig.tar.xz ecbe22ed6a2b8dcaf10eff02b6b66583ce8d108a936624fc424c72188dea1ddd 87028 zsh_5.7.1-1+deb10u1.debian.tar.xz 6adc1be02d6128d4741463dea6271a031cd5e8815a0447fa740dc9328f9d2c38 10449 zsh_5.7.1-1+deb10u1_amd64.buildinfo Files: 307beaba3f76bc6098e9f2e1a0d7b00b 2512 shells optional zsh_5.7.1-1+deb10u1.dsc acc1a32ef5b3120ead5c6f0d011ceb76 2776796 shells optional zsh_5.7.1.orig.tar.xz d0f5fe26d9548331d9757e26b95c7aaf 87028 shells optional zsh_5.7.1-1+deb10u1.debian.tar.xz d5f5ca4772107f6d723d748de5776114 10449 shells optional zsh_5.7.1-1+deb10u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERoyJeTtCmBnp12Ema+Zjx1o1yXUFAmIMYLYACgkQa+Zjx1o1 yXUh3RAAri1dxAD7xPtQLRI7w5FR7a9utZuEyIQ8kyxAOBoNRUC7IJd+hnQRcFFo o+rXno4Dnmph+91fJczjYyeRUoBHAWP6OtvtVvc9Rjsz5QkoRz21bRJnvD65gYCS tyJpdFwD2S0HlINudeRN1XssvNwK0pU/NtAldM7IfCcezThlDzSdEiZdGWsr0jW3 h8ZKMmm/RqmM/54utXo3PehK+/E31GhpJDjuvFbKEOoBfdvezDL/j3ZOX8b8t1X3 UxsG+9k6TnCDgJAkvV4jgjBeYFGdBpMGVUdNQueDgTIBRCQkIL2mo1hF6TEEaJMU kHfknM9XPl43PXGnXEaU5P0BAqmDZPQygWHEx9RYVnzghjikJeGqZZE4u3+AVQzl duoZyCl9ieAh+JO04HmlLm850btvyfiZ6hbjEF8sWOQmY0YyFaTKFEY/XGZCw6Nm APvznWHcPm8oi1mUTIntIJg2W5/UQYh8LRQj8cwIb5rCUwn5Y7kd1m/UQUyrFIf+ Jq9z9SGSjOyPSp+8tsEBpZzH+Ykaej3IEEA8mQklt0TzrLAqWsQ3pM2ip/AdsLq4 3wrFPRMvp/9ghfDv+1RUEwmpsjaKBzbGUK0iC5n1rwcOGAsMZAj0KLHdpgMAYFlY llCa7xwLMWETblH2Fjp6oLOEnFQgAbqMFRvhaPr+OOuzZDCedLY= =Qoy5 -----END PGP SIGNATURE-----