Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: zsh 5.8.1 released (CVE-2021-45444)

X-seq: zsh-users 27522
From: "Daniel Shahaf" <d.s@xxxxxxxxxxxxxxxxxx>
To: zsh-users@xxxxxxx
Subject: Re: zsh 5.8.1 released (CVE-2021-45444)
Date: Sun, 13 Feb 2022 18:33:14 +0000
Archived-at: <https://zsh.org/users/27522>
In-reply-to: <2864ED24-62C9-4B2B-AA73-6D667C912DF8@dana.is>
List-id: <zsh-users.zsh.org>
References: <3C1F736D-13E7-48FC-A708-EEE0F6E7253C@dana.is> <07a9d039-38c6-e98b-2af0-a0da44b7ad96@rayninfo.co.uk> <2864ED24-62C9-4B2B-AA73-6D667C912DF8@dana.is>

dana wrote on Sun, 13 Feb 2022 10:10 +00:00:
> On 13 Feb 2022, at 02:58, david rayner <david@xxxxxxxxxxxxxx> wrote:
>> Out of curiosity what is the process by which this will filter out to the
>> various Linux & other distributions. Is it ad-hoc (I see you mention a
>> security mailing list) ?
>
> The people who maintain those distributions' zsh packages are generally
> subscribed to the mailing list, and they pull down the update when they see
> the announcement.

Note that by "the mailing list" dana meant zsh-announce@, not
zsh-security@.  The latter is used exclusively for discussing
vulnerabilities that have not yet been made public.

Cheers,

Daniel

References:
- Re: zsh 5.8.1 released (CVE-2021-45444)
  - From: david rayner
- Re: zsh 5.8.1 released (CVE-2021-45444)
  - From: dana

Messages sorted by: Reverse Date, Date, Thread, Author