Have updated the SlackBuild for Slackware
Den mån 4 dec. 2023 kl 17:58 skrev David Adam <zanc...@ucc.gu.uwa.edu.au>: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi all, > > I'm pleased to announce the release of fish 3.6.2, which contains a fix > for a bug with a potential security impact, and fish 3.6.3, which contains > a test suite that passes properly (but no other changes). > > CVE-2023-49284 has been assigned for a problem in fish where certain > Unicode non-characters are used internally for marking wildcards and > expansions. It will incorrectly allow these markers to be read on > command substitution output, rather than transforming them into a safe > internal representation. > > While this may cause unexpected behavior with direct input (for example, > `echo \UFDD2HOME` has the same output as `echo $HOME`), this may become > a minor security problem if the output is being fed from an external > program into a command substitution where this output may not be > expected. > > This design flaw was introduced in very early versions of fish, > predating the version control system, and is thought to be present in > every version of fish released in the last 15 years or more, although > with different characters. > > Code execution does not appear to be possible, but denial of service > (through large brace expansion) or information disclosure (such as > variable expansion) is potentially possible under certain circumstances. > > The tarball and packages for Linux, macOS and Windows will soon be > available from https://fishshell.com/ and the release notes will be at > https://fishshell.com/release_notes.html - but in the meantime I have > uploaded the release to the GitHub releases page at: > https://github.com/fish-shell/fish-shell/releases/tag/3.6.3 > > The Linux packages will be submitted to the release:3 channel, and if > you are using your system package manager to install fish from these > channels a new version will make its way to you soon. If you'd like to use > this method, the links are: > https://launchpad.net/~fish-shell/+archive/ubuntu/release-3 (Ubuntu) > > https://software.opensuse.org//download.html?project=shells%3Afish%3Arelease%3A3&package=fish > (Debian, Fedora, openSUSE and Red Hat Enterprise Linux) > > A pull request for Homebrew has been submitted, making the new version > available soon via upgrading or running `brew install fish`. > > For our distributors, the tarball is available at > https://github.com/fish-shell/fish-shell/releases/download/3.6.3/fish-3.6.3.tar.xz > The SHA-256 sum is > 55520128c8ef515908a3821423b430db9258527a6c6acb61c7cb95626b5a48d5 and the > tarball has a signature from my personal PGP key, as does this message. > > May you always remember to run the test suite in the directory > containing the release, not elsewhere. > > Thanks, > > David Adam > fish committer > zanc...@ucc.gu.uwa.edu.au > -----BEGIN PGP SIGNATURE----- > > iQIzBAEBCgAdFiEEnh3gZzzMAykZ0YUmwLlpspdOiI4FAmVt/ysACgkQwLlpspdO > iI5RIxAAo4jMrjQPUBnZgdKRCF5ZgADzFfXCNGFUqtarhFpY3fP6urAw+w0XfMJA > I4mUyxy1dHQx1ef22ct5bcfIo6W9PNBKHNGnIS31xPn7243p6E0rVSlPthM/4TB1 > ZWplls0UBmXbdddSw7TbcO/wFZO5tnBX0KutyZ6Vm4Gn/DVJY87HPjb8qokBMmtD > Yfw8NSIP+LlmPzIkS8KlXWoKBHQ7rHR50lNvJTfNlknDG8rnr7rP9uRUHmdvEP8R > FatN7pGOzkYfk2zCH9ZijCYdUWe7HySerYz7LTRVT2lLmjcUstBXtSv/ZW5QGHdM > jqZVI6JOFke6Hb2v7tOWtqRYzwW7XibXQEWEAVee+bQPxjlj2/6efxKt+OOBk4R/ > FowOUCCdPFpm8PaFJ/ogjZRkMAuTgx+EZ3I8j6E4BGxHlZgGdrNaGDa8QVjG7pgC > 4NOO+MXuWcef+pf4nKWiEntsVmM21nFuu+N8OyPN/x1jCih6E2kFGSz3a1V94bKl > b1+hf27kZjHE3iS6fFCRRhWOutrzXklsr4dwH14/HSSbVZl+aEOJ6q5WoNgWsoyO > 0RqVlJc3z4cdJCMrqIjXo7+FCSGENJqwC4R434M6pEF68HKp0/2rn7d4wkVIgO1b > 9hGOGVO74N/dGjSkZjWC+g6Qs7FXWqz5XkNMQFM4v7NXGWfZx6o= > =GuGh > -----END PGP SIGNATURE----- > > > _______________________________________________ > Fish-users mailing list > Fish-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/fish-users
fish.tar.gz
Description: application/gzip
_______________________________________________ Fish-users mailing list Fish-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fish-users
