summary refs log tree commit diff
path: root/NEWS
diff options
context:
space:
mode:
authorAnthony Sottile <asottile@umich.edu>2018-09-03 14:39:25 +0000
committerDaniel Shahaf <d.s@daniel.shahaf.name>2018-09-03 15:07:47 +0000
commit1c4c7b6a4d17294df028322b70c53803a402233d (patch)
tree9017103102c523609b4f3210788a4406a173a19f /NEWS
parentbaef71ccfc9df3221916a4356dafe5d792a509c6 (diff)
downloadzsh-1c4c7b6a4d17294df028322b70c53803a402233d.tar.gz
zsh-1c4c7b6a4d17294df028322b70c53803a402233d.tar.xz
zsh-1c4c7b6a4d17294df028322b70c53803a402233d.zip
CVE-2018-0502, CVE-2018-13259: Fix two security issues in shebang line parsing.
See NEWS for more information.

Patch by Anthony Sottile and Buck Evan.
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS21
1 files changed, 21 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 93d879ce3..7b3e5692c 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,27 @@ CHANGES FROM PREVIOUS VERSIONS OF ZSH
 
 Note also the list of incompatibilities in the README file.
 
+Changes from 5.5.1-test-2 to 5.6
+--------------------------------
+
+CVE-2018-0502: Data from the second line of a #! script file might be passed to
+execve().  For example, in the following situation -
+.
+    printf '#!foo\nbar' > baz
+    ./baz
+.
+the shell might take "bar" rather than "foo" for the argv[0] to be passed to
+execve().  [ Reported by Anthony Sottile and Buck Evan. ]
+
+CVE-2018-13259: A shebang line longer than 64 characters would be truncated.
+For example, in the following situation:
+.
+    ( printf '#!'; repeat 64 printf 'x'; printf 'y' ) > foo
+    ./foo
+.
+the shell might execute x...x (64 repetitions) rather than x...xy (64 x's,
+one y).  [ Reported by Daniel Shahaf. ]
+
 Changes from 5.5.1 to 5.5.1-test-2
 ----------------------------------