Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: zsh seems to be vulnerable to CVE-2014-6271: remote code execution through bash



If you want to follow up, here's a news story describing the problem and
implications:

http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/

There's nothing in zsh that corresponds to this particular problem; I
can't think of an easy way to get the environment to leak into code in
zsh without the code doing it deliberately but feel free to have a
think --- some of the special variable handling is quite complicated.

pws



Messages sorted by: Reverse Date, Date, Thread, Author