| Summary: | <app-shells/fish-3.4.0: code execution via malicious git configuration | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | gentoo.qxrin, gentoo, gyakovlev, polynomial-c |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://github.com/fish-shell/fish-shell/security/advisories/GHSA-pj5f-6vxj-f5mq | | |
| Whiteboard: | B2 [glsa+] | | |
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 835339 | | |
| Bug Blocks: | | | |

Description
John Helmert III
2022-03-15 15:24:21 UTC
Please cleanup

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=064a1f6462587573309045cbc97f549cf8b0429f

commit 064a1f6462587573309045cbc97f549cf8b0429f
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2022-05-20 06:27:41 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2022-05-20 06:27:41 +0000

    app-shells/fish: Security cleanup

    Bug: https://bugs.gentoo.org/835337
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 app-shells/fish/Manifest                           |   1 -
 .../fish/files/3.3.1-don-t-override-linker.patch   |  48 ----------
 app-shells/fish/files/3.3.1-drop-some-tests.patch  |  26 -----
 .../fish/files/3.3.1-sbin-path-sh-test.patch       |  25 -----
 app-shells/fish/fish-3.3.1-r1.ebuild               | 106 ---------------------
 5 files changed, 206 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=c6ee8892052cc41b32dd714edc0f366bff3b60ee

commit c6ee8892052cc41b32dd714edc0f366bff3b60ee
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-09-29 10:53:28 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-09-29 10:54:50 +0000

    [ GLSA 202309-10 ] Fish: User-assisted execution of arbitrary code

    Bug: https://bugs.gentoo.org/835337
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202309-10.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)