-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 31 Mar 2018 22:56:22 +0200
Source: zsh
Binary: zsh zsh-doc zsh-static zsh-dev zsh-dbg
Architecture: source all amd64
Version: 4.3.17-1+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Zsh Maintainers <pkg-zsh-devel@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 zsh        - shell with lots of features
 zsh-dbg    - shell with lots of features (debugging symbols)
 zsh-dev    - shell with lots of features (development files)
 zsh-doc    - zsh documentation - info/HTML format
 zsh-static - shell with lots of features (static link)
Changes:
 zsh (4.3.17-1+deb7u2) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2018-1071: stack-based buffer overflow in the exec.c:hashcmd()
     function. A local attacker could exploit this to cause a denial of
     service.
   * Fix CVE-2018-1083: buffer overflow in the shell autocomplete
     functionality. A local unprivileged user can create a specially crafted
     directory path which leads to code execution in the context of the user
     who tries to use autocomplete to traverse the before mentioned path. If
     the user affected is privileged, this leads to privilege escalation.