Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

CVE-2021-45444 really fixed in 5.8.1?



Hey!

Is CVE-2021-45444 really fixed in 5.8.1?

neo% zsh --version
zsh 5.8.1 (x86_64-debian-linux-gnu)
neo% mkdir test1
neo% cd test1
neo% git init
Initialized empty Git repository in /home/bernat/tmp/test1/.git/
neo% git checkout -b branch%1branch
Switched to a new branch 'branch%1branch'
neo% autoload -Uz vcs_info
neo% precmd() { vcs_info }
neo% setopt prompt_subst
neo% PS1='${vcs_info_msg_0_}%# '
 (git)-[branchranch]-%

%1 was interpreted while it shouldn't have been?

The provided workaround for older versions work fine.

After applying:

 (git)-[branch%1branch]-%
-- 
Don't stop at one bug.
            - The Elements of Programming Style (Kernighan & Plauger)




Messages sorted by: Reverse Date, Date, Thread, Author