On Fri, 2025-02-28 at 15:27 -0600, Michel Lind wrote: > On Thu, Feb 27, 2025, at 12:43 PM, Michel Lind wrote: > > Hi all, > > > > A heads-up that I'm preparing a rebase of Fish in EPEL 9 to address > > this > > CVE > > > > https://bugzilla.redhat.com/show_bug.cgi?id=2253972 > > > > > Code execution does not appear to be possible, but denial of > > > service (through large brace expansion) or information disclosure > > > (such as variable expansion) is potentially possible under > > > certain circumstances > > > > It's not a high severity, and there are several very minor > > behavioral > > changes in every 3.Y.0 minor releases since 3.3.1, so I figure I'll > > play > > it safe and treat it as an incompatible update and flag it to this > > list > > first. > > > > Pagure issue: https://pagure.io/epel/issue/320 >
The update is now built and published to Bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-cd25b2c8a7 Best regards, -- _o) Michel Lind _( ) identities: https://keyoxide.org/5dce2e7e9c3b1cffd335c1d78b229d2f7ccc04f2 README: https://fedoraproject.org/wiki/User:Salimma#README
signature.asc
Description: This is a digitally signed message part
-- _______________________________________________ epel-devel mailing list -- epel-devel@lists.fedoraproject.org To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
