Your message dated Thu, 26 Mar 2009 04:17:15 +0000
with message-id <[email protected]>
and subject line Bug#521108: fixed in zsh 4.3.9-4
has caused the Debian Bug report #521108,
regarding zsh stack overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
521108: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521108
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: zsh
Version: 4.3.9-3
Severity: normal
Tags: security
User: [email protected]
Usertags: origin-ubuntu jaunty
Hello,
There is an Ubuntu bug report[1] about a zsh stack overflow. It appears to
only happen in interactive mode, but I think it might need more attention.
Typing the following will crash zsh (amd64):
!AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
It responds with:
zsh: event not found:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Segmentation fault (core dumped)
Maybe zsh would also benefit from Hardening[2]?
-Kees
[1] https://bugs.launchpad.net/bugs/333722
[2] http://wiki.debian.org/Hardening
--
Kees Cook @debian.org
--- End Message ---
--- Begin Message ---
Source: zsh
Source-Version: 4.3.9-4
We believe that the bug you reported is fixed in the latest version of
zsh, which is due to be installed in the Debian FTP archive:
zsh-doc_4.3.9-4_all.deb
to pool/main/z/zsh/zsh-doc_4.3.9-4_all.deb
zsh_4.3.9-4.diff.gz
to pool/main/z/zsh/zsh_4.3.9-4.diff.gz
zsh_4.3.9-4.dsc
to pool/main/z/zsh/zsh_4.3.9-4.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Clint Adams <[email protected]> (supplier of updated zsh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 25 Mar 2009 23:36:43 -0400
Source: zsh
Binary: zsh zsh-doc zsh-static zsh-dev zsh-dbg
Architecture: source all
Version: 4.3.9-4
Distribution: unstable
Urgency: low
Maintainer: Clint Adams <[email protected]>
Changed-By: Clint Adams <[email protected]>
Description:
zsh - A shell with lots of features
zsh-dbg - A shell with lots of features (debugging symbols)
zsh-dev - A shell with lots of features (development files)
zsh-doc - zsh documentation - info/HTML format
zsh-static - A shell with lots of features (static link)
Closes: 516998 521108 521174
Changes:
zsh (4.3.9-4) unstable; urgency=low
.
* ZW#26675: add POSIX_ALIASES option. closes: #516998.
* ZW#26602: fix buffer overflow in ! (history) handling.
closes: #521108.
* Bump to Standards-Version 3.8.1.
* ZW#26625, ZU#13593: inopportune interrupt could wreck terminal set
up (combined patch thanks to Vincent Lefevre). closes: #521174.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Debian!
iD8DBQFJyv6m5m0u66uWM3ARAr0KAKCC4NLyzeXGSyi0sQFAKhMTAMrhpQCgqsST
l3eclsvmKe6PVuWfiur6LEw=
=XEBu
-----END PGP SIGNATURE-----
--- End Message ---