On Sat Mar 14, 2020 at 04:31:00PM -0500, Matthew Martin wrote: > On Sat, Mar 14, 2020 at 08:21:10PM +0100, Rafael Sadowski wrote: > > "Security and bug fix release with a few user visible additions." > > Changelog: http://zsh.sourceforge.net/releases.html > > > > This release fixes CVE-2019-20044. (Not tested on OpenBSD) > > > > OK? Should it go into -stable without the @so changes? > > I have the same diff locally; however, I didn't send it because make > test hangs in V08zpty and I haven't had time to look into it yet (the > failure in D07multibyte is normal on OpenBSD). Does it not hang for you?
Yes I see the same hanging test. No time to look deeper for now. > > Personally I think CVE-2019-20044 and the PRIVILEGED option are dumb and > one shouldn't write security critical things in shell scripts, but I'm > not against backporting it. >