15.0 (x86)
Sat Apr 19 19:26:57 UTC 2025
patches/packages/zsh-5.9-i586-1_slack15.0.txz: Upgraded.
This release fixes a security issue in zsh-5.8:
Some prompt expansion sequences, such as %F, support 'arguments' which are
themselves expanded in case they contain colour values, etc. This additional
expansion would trigger PROMPT_SUBST evaluation, if enabled. This could be
abused to execute code the user didn't expect. e.g., given a certain prompt
configuration, an attacker could trick a user into executing arbitrary code
by having them check out a Git branch with a specially crafted name.
This is fixed in the shell itself by no longer performing PROMPT_SUBST
evaluation on these prompt-expansion arguments.
Note that this is a potential incompatibilty if you are relying
on the previous behavior of PROMPT_SUBST.
Thanks to pblsxw for the heads-up on this.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2021-45444
(* Security fix *)
|
Current (x86)
Thu Apr 24 20:01:14 UTC 2025
a/nut-2.8.3-i686-2.txz: Rebuilt.
Removed dangling symlinks. Thanks to marav.
a/pkgtools-15.1-noarch-29.txz: Rebuilt.
upgradepkg: improve checking the return code from installpkg.
Thanks to Petri Kaukasoina.
a/utempter-1.2.3-i686-1.txz: Upgraded.
d/python-setuptools-79.0.1-i686-1.txz: Upgraded.
|
Current (x86_64)
Thu Apr 24 20:01:14 UTC 2025
a/nut-2.8.3-x86_64-2.txz: Rebuilt.
Removed dangling symlinks. Thanks to marav.
a/pkgtools-15.1-noarch-29.txz: Rebuilt.
upgradepkg: improve checking the return code from installpkg.
Thanks to Petri Kaukasoina.
a/utempter-1.2.3-x86_64-1.txz: Upgraded.
d/python-setuptools-79.0.1-x86_64-1.txz: Upgraded.
|