Information on source package zsh

Available versions

| Release | Version |
|---|---|
| jessie | 5.0.7-5 |
| jessie (security) | 5.0.7-5+deb8u1 |
| stretch | 5.3.1-4 |
| buster | 5.7.1-1 |
| bullseye | 5.8-4 |
| sid | 5.8-4 |

Open issues

| Bug | jessie | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2019-20044 | fixed | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | In Zsh before 5.8, attackers able to execute commands can regain privi ... |
| CVE-2018-13259 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 ... |
| CVE-2018-1100 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | zsh through version 5.4.2 is vulnerable to a stack-based buffer overfl ... |
| CVE-2018-1083 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in ... |
| CVE-2018-1071 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | zsh through version 5.4.2 is vulnerable to a stack-based buffer overfl ... |
| CVE-2018-0502 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | An issue was discovered in zsh before 5.6. The beginning of a #! scrip ... |
| CVE-2017-18206 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. ... |
| CVE-2016-10714 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | In zsh before 5.3, an off-by-one error resulted in undersized buffers ... |

Open unimportant issues

| Bug | jessie | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2018-7549 | vulnerable | vulnerable | fixed | fixed | fixed | In params.c in zsh through 5.4.2, there is a crash during a copy of an ... |
| CVE-2018-7548 | vulnerable | vulnerable | fixed | fixed | fixed | In subst.c in zsh through 5.4.2, there is a NULL pointer dereference w ... |
| CVE-2017-18205 | vulnerable | vulnerable | fixed | fixed | fixed | In builtin.c in zsh before 5.4, when sh compatibility mode is used, th ... |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2014-10072 | In utils.c in zsh before 5.0.6, there is a buffer overflow when scanni ... |
| CVE-2014-10071 | In exec.c in zsh before 5.0.7, there is a buffer overflow for very lon ... |
| CVE-2014-10070 | zsh before 5.0.7 allows evaluation of the initial values of integer va ... |
| CVE-2007-6209 | Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DLA-2117-1 | zsh - security update |
| DLA-1335-1 | zsh - security update |
| DLA-1304-1 | zsh - security update |
