Source: zsh Version: 5.4.2-3 Severity: normal Tags: patch security upstream
Hi, the following vulnerability was published for zsh, filling a bug in the BTS to keep track of the Debian fix. No DSA is IMHO warranted for the zsh CVEs currently known. CVE-2018-1083[0]: |check bounds on PATH_MAX-sized buffer used for file completion |candidates If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-1083 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1083 [1] https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
