Source: zsh Version: 5.4.2-3 Severity: normal Tags: patch security upstream
Hi, the following vulnerability was published for zsh. CVE-2018-1071[0]: | zsh through version 5.4.2 is vulnerable to a stack-based buffer | overflow in the exec.c:hashcmd() function. A local attacker could | exploit this to cause a denial of service. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-1071 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1071 [1] https://sourceforge.net/p/zsh/code/ci/679b71ec4d852037fe5f73d35bf557b0f406c8d4 Please adjust the affected versions in the BTS as needed. Regards, Salvatore