Summary: | <app-shells/zsh-5.8: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | polynomial-c |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.zsh.org/mla/zsh-announce/141 | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: |
app-shells/zsh-5.8
|
Runtime testing required: | --- |
Description
Sam James
2020-03-01 02:02:47 UTC
amd64 stable sparc stable x86 stable ia64/ppc/ppc64 stable arm stable arm64 stable hppa stable Thanks arches. Maintainer(s), please drop the vulnerable version(s). The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8a12520a673e400902c64889848cc413746fc87c commit 8a12520a673e400902c64889848cc413746fc87c Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2020-03-18 20:55:09 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2020-03-18 20:55:09 +0000 app-shells/zsh: Security cleanup Bug: https://bugs.gentoo.org/711136 Package-Manager: Portage-2.3.94, Repoman-2.3.21 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> app-shells/zsh/Manifest | 2 - app-shells/zsh/zsh-5.7.1-r1.ebuild | 221 ------------------------------------- 2 files changed, 223 deletions(-) Thanks all. GLSA Vote: Yes New GLSA request filed. This issue was resolved and addressed in GLSA 202003-55 at https://security.gentoo.org/glsa/202003-55 by GLSA coordinator Thomas Deutschmann (whissi). |