Debian Linux Security Advisory 5234-1 - An arbitrary code execution vulnerability was disovered in fish, a command line shell. When using the default configuraton of fish, changing to a directory automatically ran `git` commands in order to display information about the current repository in the prompt. Such repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands.
d6134612ed2eb603546e00e78930c6db0692023b8724bb62b9827ee351491ec4