Information on source package zsh

Available versions

ReleaseVersion
stretch5.3.1-4
buster5.7.1-1
bullseye5.8-5
sid5.8-5

Open issues

BugstretchbusterbullseyesidDescription
CVE-2019-20044vulnerable (no DSA)vulnerable (no DSA)fixedfixedIn Zsh before 5.8, attackers able to execute commands can regain privi ...
CVE-2018-13259vulnerable (no DSA)fixedfixedfixedAn issue was discovered in zsh before 5.6. Shebang lines exceeding 64 ...
CVE-2018-1100vulnerable (no DSA)fixedfixedfixedzsh through version 5.4.2 is vulnerable to a stack-based buffer overfl ...
CVE-2018-1083vulnerable (no DSA)fixedfixedfixedZsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in ...
CVE-2018-1071vulnerable (no DSA)fixedfixedfixedzsh through version 5.4.2 is vulnerable to a stack-based buffer overfl ...
CVE-2018-0502vulnerable (no DSA)fixedfixedfixedAn issue was discovered in zsh before 5.6. The beginning of a #! scrip ...
CVE-2017-18206vulnerable (no DSA)fixedfixedfixedIn utils.c in zsh before 5.4, symlink expansion had a buffer overflow. ...

Open unimportant issues

BugstretchbusterbullseyesidDescription
CVE-2018-7549vulnerablefixedfixedfixedIn params.c in zsh through 5.4.2, there is a crash during a copy of an ...
CVE-2018-7548vulnerablefixedfixedfixedIn subst.c in zsh through 5.4.2, there is a NULL pointer dereference w ...
CVE-2017-18205vulnerablefixedfixedfixedIn builtin.c in zsh before 5.4, when sh compatibility mode is used, th ...

Resolved issues

BugDescription
CVE-2016-10714In zsh before 5.3, an off-by-one error resulted in undersized buffers ...
CVE-2014-10072In utils.c in zsh before 5.0.6, there is a buffer overflow when scanni ...
CVE-2014-10071In exec.c in zsh before 5.0.7, there is a buffer overflow for very lon ...
CVE-2014-10070zsh before 5.0.7 allows evaluation of the initial values of integer va ...
CVE-2007-6209Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary ...

Security announcements

DSA / DLADescription
DLA-2117-1zsh - security update
DLA-1335-1zsh - security update
DLA-1304-1zsh - security update

Search for package or bug name: Reporting problems