Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

zsh 5.8.1 released (CVE-2021-45444)



Hello,

zsh 5.8.1 has been released and made available for download at the
following locations:

  https://sourceforge.net/projects/zsh/files/
  https://www.zsh.org/pub/

This is a stable security release with a few bug fixes, including one
for CVE-2021-45444, a vulnerability in prompt expansion which could be
exploited through e.g. VCS_Info to execute arbitrary shell commands
without a user's knowledge. All sites are encouraged to update from
zsh 5.8. A partial work-around which can be applied within a running
shell is provided in the source distribution for those who are unable
to update their shell binaries.

For further details, please refer to the README and NEWS files
distributed with the shell, or see here:

  https://zsh.sourceforge.io/releases.html

PS: Maintainers of down-stream zsh packages are invited to e-mail
<zsh-security@xxxxxxx> if they would like to request pre-notification
of security releases like this one.

dana





Messages sorted by: Reverse Date, Date, Thread, Author