1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5234-1] fish security update

    From Salvatore Bonaccorso@21:1/5 to All on Wed Sep 21 20:50:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5234-1 security@debian.org https://www.debian.org/security/ Aron Xu September 21, 2022 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : fish
    CVE ID : CVE-2022-20001

    An arbitrary code execution vulnerability was disovered in fish, a
    command line shell. When using the default configuraton of fish,
    changing to a directory automatically ran `git` commands in order to
    display information about the current repository in the prompt. Such repositories can contain per-repository configuration that change the
    behavior of git, including running arbitrary commands.

    For the stable distribution (bullseye), this problem has been fixed in
    version 3.1.2-3+deb11u1.

    We recommend that you upgrade your fish packages.

    For the detailed security status of fish please refer to its security
    tracker page at:
    https://security-tracker.debian.org/tracker/fish

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmMrW8pfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Rrlg/9FWqWYkhEI1NHuxbo4DNcsWg6j29LwdrTnLZpBm/eIuV0uzeEVK53hPu0 COm76y3am/p+HVB5+JS5AMJ50Crjg6Ey2HgK+l9uaJh2lrXVpy87vGW/AehAX+DN owZJrjbBHYcDaK4P179Wuic7V/WQnf8majq7OeCtCLNia2dIIgsQQ8smt2UXYSYg inCgTMoVG8fjNE8MN9ntw/FP+B1zA1o6YG8S1LvRPGS8KZzEuv6HjYzZ/smGx5W0 pk8wY6KnbGBnb1VtJYhvnXNoYGh/riCLLQ5ASD/jZi+qLZsu+7OHFm+CTsITc/p4 Ln/Pfxmp3+FSjQ0SOpt1GJI9UHz0qOdMEc4/mvowkkZFT4emar3sgN1qfCxtH/HP p566fc/ShwANJ3Y+sVwr8isy17at3exBdrSQowZUT3YRfhpU6Xen6eZIu2sJQzON WKji6Cy3JNi+CVTi/RZnGBjxpX0mLv0GffzRZmENbcYt7uCMhbrsXno0pghpST2P i3yBvI1VWL9FjOGMHzVov4vh6DysaDwQowWux2sEYCNSxsxs9KIWlBE9iiKWk0fI +A1avvjnnaPaOrb+HsvuMYE+xgJigwcEJB9B+TonhnB+TlPaQM0IWeSM6Rty05U5 GPvbG547s31r+RJkmvcI5c0HUc3XPRNdt5XKv56sd6/9zI2hczc=
    =2RGj
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)