Hello all, I have prepared an update of zsh to address CVE-2019-20044. I have tested the resulting packages, including specifically testing to ensure that the backported patches address the privilege escalation vulnerability. However, given the magnitude of the change (patches totalling around 850 lines in all) and the fact that as a shell zsh is a particularly important bit of infrastructure, I would greatly appreciate some additional testing by any regular zsh users out there; I am not a regular zsh user.
A signed package is available here: https://people.debian.org/~roberto/zsh/ In the absence of any negative reports, I intend to upload and publish the corresponding advisory sometime on Monday, 24th February. Regards, -Roberto -- Roberto C. Sánchez
