Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted fish 3.6.0-3.1+deb12u1 (source) into proposed-updates
Date: Sun, 24 Dec 2023 18:32:09 +0000
Signed by: Mo Zhou <lumin@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 21 Dec 2023 14:47:56 -0500
Source: fish
Architecture: source
Version: 3.6.0-3.1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Tristan Seligmann <mithrandi@debian.org>
Changed-By: Mo Zhou <lumin@debian.org>
Closes: 1057455
Changes:
 fish (3.6.0-3.1+deb12u1) bookworm; urgency=medium
 .
   * Cherry-pick upstream fix for CVE-2023-49284. (Closes: #1057455)
     fish shell uses certain Unicode non-characters internally for marking
     wildcards and expansions. It will incorrectly allow these markers to be
     read on command substitution output, rather than transforming them into
     a safe internal representation.
Checksums-Sha1:
 7f77e40a90a38b8cc1c7cd95d4d11a10ba66bcac 2342 fish_3.6.0-3.1+deb12u1.dsc
 ac30fa9d42b3119496f40e1194bf60079c85c5c5 21084 fish_3.6.0-3.1+deb12u1.debian.tar.xz
 0cd536a7ea23a450b3404a09e8b34ab7b428bb49 8278 fish_3.6.0-3.1+deb12u1_source.buildinfo
Checksums-Sha256:
 0a88b1a0fb01d8aaecd2e7e5074db9e13fd415503b306da8e9670cd89e26242b 2342 fish_3.6.0-3.1+deb12u1.dsc
 21d391440fac547ce9c4b67f9c9be580372da9b8ab8cee6ec781aa859685cf08 21084 fish_3.6.0-3.1+deb12u1.debian.tar.xz
 79cefb698b80ee02bc377f96ae6b41b11f2bbf0a1c083e6c61150dad67308ad9 8278 fish_3.6.0-3.1+deb12u1_source.buildinfo
Files:
 84e2d5ddb40774ef9275df5f4aa9bc4b 2342 shells optional fish_3.6.0-3.1+deb12u1.dsc
 1b09e26f87f16010e5d4abd515e605a2 21084 shells optional fish_3.6.0-3.1+deb12u1.debian.tar.xz
 faba747ba0735b8f6522e81196f95e64 8278 shells optional fish_3.6.0-3.1+deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEY4vHXsHlxYkGfjXeYmRes19oaooFAmWGaswRHGx1bWluQGRl
Ymlhbi5vcmcACgkQYmRes19oaorL0RAAlat7HxzTaFhnBnOYcZZbh0fMezusmep1
a133B/lri0C0OlSoLLDNvOjJQrVbfyfUyEXJnFtq4+TsCaFs5mJ73YPK+yXcUJf1
55RmyfT0yYL2tK8WKCVLMy4UC8JbC2hmB7GBzk8eHjQ7h3W8eTNQkM54C+bGCFyK
hfc7OJmPOe44gujvCVqLded1b4mxPF0UYYLFVSyYI4A73KIlmn3z0UW4z305iWUK
+fTHi/YQ1wdHT0Mhicu+WaCFsNAA1Em445s2H2TcXxy7S1zV/QYkG4SsUJwDpni/
g5q/8p64fYhwAh8PNNU1i8JhS3gCz/Nzdj9ugoP6Z9pVv1HBWuJUeaAgX28QAP0t
7tc8Rq/aF5LPFviVAdfi3xSe3WPyznZ7DuhC5ua2nfVQmyxLy/sINfQ+RDGBtevi
CPUO4bKY4lhcPfvTRY4wEpEEBQXilleuq/om2zLhmII5L3rKME1mIob/+Dc4GcWi
mMz9HNMDfyIbN/eIW8YaGANajInzORRtpjRDHSs7lVR52C93Zu2RpDoZY7a4E58J
DywhHOvZpKlExSwmsTGr9++hoXb2IKxo81oce1XTcS/WOUDuNOkEXlozDDZXevRg
tg6Lekh55NjVdBkHMmYhr2ND6PHcOrEEL34ByxeXatSqXY3/Cn5gnw4uydZHPR6Z
ivVJZ79LEoU=
=UprW
-----END PGP SIGNATURE-----

News for package fish