[Buildroot] [PATCH 1/1] package/zsh: security bump to version 5.8

Peter Korsgaard peter at korsgaard.com
Sat Mar 14 17:20:50 UTC 2020

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > - Fix CVE-2019-20044: In Zsh before 5.8, attackers able to execute
 >   commands can regain privileges dropped by the --no-PRIVILEGED option.
 >   Zsh fails to overwrite the saved uid, so the original privileges can
 >   be restored by executing MODULE_PATH=/dir/with/module zmodload with a
 >   module that calls setuid().
 > - Update indentation of hash file (two spaces)

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed to 2019.02.x and 2019.11.x, thanks.

Bye, Peter Korsgaard

More information about the buildroot mailing list