about summary refs log tree commit diff
path: root/README
diff options
context:
space:
mode:
Diffstat (limited to 'README')
-rw-r--r--README8
1 files changed, 5 insertions, 3 deletions
diff --git a/README b/README
index 42105ee8d..e3ccc70b1 100644
--- a/README
+++ b/README
@@ -10,9 +10,11 @@ There are minor new features as well as bug fixes since 5.0.6.
 
 Note in particular there is a security fix to disallow evaluation of the
 initial values of integer variables imported from the environment (they
-are instead treated as literal numbers).  Although no exploits are
-currently known with this issue it is recommended to upgrade as soon as
-possible.
+are instead treated as literal numbers).  That could allow local
+privilege escalation, under some specific and atypical conditions where
+zsh is being invoked in privilege elevation contexts when the
+environment has not been properly sanitized, such as when zsh is invoked
+by sudo on systems where "env_reset" has been disabled.
 
 Installing Zsh
 --------------