Debian Linux Security Advisory 5234-1 - An arbitrary code execution vulnerability was disovered in fish, a command line shell. When using the default configuraton of fish, changing to a directory automatically ran `git` commands in order to display information about the current repository in the prompt. Such repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands.
d6134612ed2eb603546e00e78930c6db0692023b8724bb62b9827ee351491ec4-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5234-1 security@debian.org
https://www.debian.org/security/ Aron Xu
September 21, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : fish
CVE ID : CVE-2022-20001
An arbitrary code execution vulnerability was disovered in fish, a
command line shell. When using the default configuraton of fish,
changing to a directory automatically ran `git` commands in order to
display information about the current repository in the prompt. Such
repositories can contain per-repository configuration that change the
behavior of git, including running arbitrary commands.
For the stable distribution (bullseye), this problem has been fixed in
version 3.1.2-3+deb11u1.
We recommend that you upgrade your fish packages.
For the detailed security status of fish please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/fish
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmMrW8pfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Rrlg/9FWqWYkhEI1NHuxbo4DNcsWg6j29LwdrTnLZpBm/eIuV0uzeEVK53hPu0
COm76y3am/p+HVB5+JS5AMJ50Crjg6Ey2HgK+l9uaJh2lrXVpy87vGW/AehAX+DN
owZJrjbBHYcDaK4P179Wuic7V/WQnf8majq7OeCtCLNia2dIIgsQQ8smt2UXYSYg
inCgTMoVG8fjNE8MN9ntw/FP+B1zA1o6YG8S1LvRPGS8KZzEuv6HjYzZ/smGx5W0
pk8wY6KnbGBnb1VtJYhvnXNoYGh/riCLLQ5ASD/jZi+qLZsu+7OHFm+CTsITc/p4
Ln/Pfxmp3+FSjQ0SOpt1GJI9UHz0qOdMEc4/mvowkkZFT4emar3sgN1qfCxtH/HP
p566fc/ShwANJ3Y+sVwr8isy17at3exBdrSQowZUT3YRfhpU6Xen6eZIu2sJQzON
WKji6Cy3JNi+CVTi/RZnGBjxpX0mLv0GffzRZmENbcYt7uCMhbrsXno0pghpST2P
i3yBvI1VWL9FjOGMHzVov4vh6DysaDwQowWux2sEYCNSxsxs9KIWlBE9iiKWk0fI
+A1avvjnnaPaOrb+HsvuMYE+xgJigwcEJB9B+TonhnB+TlPaQM0IWeSM6Rty05U5
GPvbG547s31r+RJkmvcI5c0HUc3XPRNdt5XKv56sd6/9zI2hczc=
=2RGj
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed