Change logs for zsh source package in Artful

  • zsh (5.2-5ubuntu1.2) artful-security; urgency=medium
    
      * SECURITY UPDATE: stack-based buffer overflow
        - debian/patches/CVE-2018-1071.patch: check bounds when
          copying path in hashcmd() in Src/exec.c, Src/utils.c.
        - CVE-2018-1071
      * SECURITY UPDATE: buffer-overflow
        - debian/patches/CVE-2018-1083.patch: check bounds on PATH_MAX
          buffer in Src/Zle/compctl.c.
        - CVE-2018-1083
    
     -- <email address hidden> (Leonidas S. Barbosa)  Mon, 26 Mar 2018 14:22:32 -0300
  • zsh (5.2-5ubuntu1.1) artful-security; urgency=medium
    
      * SECURITY UPDATE: undersized buffer
        - debian/patches/CVE-2016-10714.patch: Add extra byte to PATH_MAX
          in Src/Zle/compctl.c, Src/builtin.c, Src/compat.c, Src/exec.c,
          Src/glob.c, Src/hist.c, Src/utils.c.
        - CVE-2016-10714
      * SECURITY UPDATE: NULL dereference
        - debian/patches/CVE-2017-18205.patch: fix in Src/builtin.c,
          Test/B01cd.ztst.
        - CVE-2017-18205
      * SECURITY UPDATE: buffer overflow
        - debian/patches/CVE-2017-18206.patch: fix buffer overrun in xsymlinks
          in Src/utils.c.
        - CVE-2017-18206
      * SECURITY UPDATE: NULL dereference
        - debian/patches/CVE-2018-7548.patch: avoid null-pointer
          deref in Src/subst.c.
        - CVE-2018-7548
      * SECURITY UPDATE: Crash while copying an empty hash table
        - debian/patches/CVE-2018-7549.patch: avoid crash on empty
          hash table in Src/params.c.
        - CVE-2018-7549
      * Fixing documentation build
        - debian/patches/fix_doc_build.patch. Thanks Steve Beattie.
    
     -- <email address hidden> (Leonidas S. Barbosa)  Wed, 07 Mar 2018 12:05:01 -0300
  • zsh (5.2-5ubuntu1) yakkety; urgency=medium
    
      * Merge with Debian; remaining changes:
    
    zsh (5.2-5) unstable; urgency=low
    
      * [f368b96e] Also remove hardcoded /usr/bin/zsh symlink in postrm
        again. (Closes: #823730)
    
    zsh (5.2-4) unstable; urgency=low
    
      [ Axel Beckert ]
      * [a25e7f1f] Add "--ddeb-migration=zsh-dbg" to "dh_strip -pzsh" for
        proper Breaks/Replaces.  Thanks to Mattia Rizzolo
      * [370659ae] Add rosbash to bug-script's fallback list of packages with
        code to be sourced in .zshrc.
      * [1922c900] Remove GCC-4.9-specific workaround on s390x from
        debian/rules.
      * [64eed86b] Enable hardening=+all, fixes multiple hardening-no-*
        lintian warnings.
      * [cafce990] Remove usage of alternatives system for zsh, rzsh and
        zsh-static.  (Closes: #768079)
      * [7db7f765] Switch Vcs-Git from git:// to https://, fixes lintian
        warning vcs-field-uses-insecure-uri.
      * [826ec19e] Declare compliance with Debian Policy 3.9.8. (No other
        changes were required.)
      * [a2021b04] Use "debian-stretch" as debian branch until a new upstream
        release is out.
      * [f9dba1a3] Update yodl build-dependency to exclude the broken 3.08.00
        upstream release. (See #823043 for details.)
    
      [ Frank Terbeck ]
      * [c1e9ec06] zshrc: Make expansion robust with NO_UNSET.
        Thanks to Marc Chantreux on #pkg-zsh (freenode)
    
     -- Matthias Klose <email address hidden>  Tue, 23 Aug 2016 12:35:26 +0200