-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5234-1                   security@debian.org
https://www.debian.org/security/                                  Aron Xu
September 21, 2022                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : fish
CVE ID         : CVE-2022-20001

An arbitrary code execution vulnerability was disovered in fish, a
command line shell. When using the default configuraton of fish,
changing to a directory automatically ran `git` commands in order to
display information about the current repository in the prompt. Such
repositories can contain per-repository configuration that change the
behavior of git, including running arbitrary commands.

For the stable distribution (bullseye), this problem has been fixed in
version 3.1.2-3+deb11u1.

We recommend that you upgrade your fish packages.

For the detailed security status of fish please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/fish

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmMrW8pfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Rrlg/9FWqWYkhEI1NHuxbo4DNcsWg6j29LwdrTnLZpBm/eIuV0uzeEVK53hPu0
COm76y3am/p+HVB5+JS5AMJ50Crjg6Ey2HgK+l9uaJh2lrXVpy87vGW/AehAX+DN
owZJrjbBHYcDaK4P179Wuic7V/WQnf8majq7OeCtCLNia2dIIgsQQ8smt2UXYSYg
inCgTMoVG8fjNE8MN9ntw/FP+B1zA1o6YG8S1LvRPGS8KZzEuv6HjYzZ/smGx5W0
pk8wY6KnbGBnb1VtJYhvnXNoYGh/riCLLQ5ASD/jZi+qLZsu+7OHFm+CTsITc/p4
Ln/Pfxmp3+FSjQ0SOpt1GJI9UHz0qOdMEc4/mvowkkZFT4emar3sgN1qfCxtH/HP
p566fc/ShwANJ3Y+sVwr8isy17at3exBdrSQowZUT3YRfhpU6Xen6eZIu2sJQzON
WKji6Cy3JNi+CVTi/RZnGBjxpX0mLv0GffzRZmENbcYt7uCMhbrsXno0pghpST2P
i3yBvI1VWL9FjOGMHzVov4vh6DysaDwQowWux2sEYCNSxsxs9KIWlBE9iiKWk0fI
+A1avvjnnaPaOrb+HsvuMYE+xgJigwcEJB9B+TonhnB+TlPaQM0IWeSM6Rty05U5
GPvbG547s31r+RJkmvcI5c0HUc3XPRNdt5XKv56sd6/9zI2hczc=
=2RGj
-----END PGP SIGNATURE-----