diff options
author | dana <dana@dana.is> | 2021-12-21 13:13:33 -0600 |
---|---|---|
committer | dana <dana@dana.is> | 2022-02-12 07:22:11 -0600 |
commit | bdc4d70a7e033b754e68a8659a037ea0fc5f38de (patch) | |
tree | 67db649c8f168ec5de967e06474f51c28c3889f0 /NEWS | |
parent | fdb8b0ce6244ff26bf55e0fd825310a58d0d3156 (diff) | |
download | zsh-bdc4d70a7e033b754e68a8659a037ea0fc5f38de.tar.gz zsh-bdc4d70a7e033b754e68a8659a037ea0fc5f38de.tar.xz zsh-bdc4d70a7e033b754e68a8659a037ea0fc5f38de.zip |
CVE-2021-45444: Update NEWS/README
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/NEWS b/NEWS index 964e1633f..327b449a0 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,26 @@ CHANGES FROM PREVIOUS VERSIONS OF ZSH Note also the list of incompatibilities in the README file. +Changes since 5.8 +----------------- + +CVE-2021-45444: Some prompt expansion sequences, such as %F, support +'arguments' which are themselves expanded in case they contain colour +values, etc. This additional expansion would trigger PROMPT_SUBST +evaluation, if enabled. This could be abused to execute code the user +didn't expect. e.g., given a certain prompt configuration, an attacker +could trick a user into executing arbitrary code by having them check +out a Git branch with a specially crafted name. + +This is fixed in the shell itself by no longer performing PROMPT_SUBST +evaluation on these prompt-expansion arguments. + +Users who are concerned about an exploit but unable to update their +binaries may apply the partial work-around described in the file +Etc/CVE-2021-45444-VCS_Info-workaround.patch included with the shell +source. [ Reported by RyotaK <security@ryotak.me>. Additional thanks to +Marc Cornellà <hello@mcornella.com>. ] + Changes since 5.7.1-test-3 -------------------------- |