Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: Zsh - Multiple DoS Vulnerabilities

X-seq: zsh-workers 44292
From: Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx>
To: David Wells <bughunters@xxxxxxxxxxx>
Subject: Re: Zsh - Multiple DoS Vulnerabilities
Date: Mon, 13 May 2019 15:02:46 -0700
Cc: "zsh-workers@xxxxxxx" <zsh-workers@xxxxxxx>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brasslantern-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=ErCXb0cDJp31tv/DogmdjHntrXYGWBTj96iDWvmYTE8=; b=yWmGmR6bkDxM84fTxjhcJY68CdR4qX6MRaVSPsp2k2NCzHgLVUUlUXgQ9oJAaMKD4o /ripHzlgYpE+jXUIYFVDcld0R6mhpzdzeoNUVmcRzCAwWY8oATSmClWN4DZh9e6xycX7 3wSc0KGCoK9r0XyAiXO86Coj10ikq05qFW7Oa3yDP2ygi0ZJZAzOvaUWaz0e5is3Lykb 1afDxA94XeSdF64q35HRBARfrlwmSTzB26UbjIAOtAzCUCNJ82C5FQnsY9Sl9s4XyQwb +MudnD+sJBCdAtuMJSDQH+rN0ny+K5F2UjNhSTXfjlj+yzCCFnffEo7/hK0enRsva77U wI2g==
In-reply-to: <CAAOKOsfq-BDfbD1MD01f-soJdhK=rbvr-1kHubCs9uT4GNhG0g@mail.gmail.com>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
List-unsubscribe: <mailto:zsh-workers-unsubscribe@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
References: <CAAOKOsfSAR5aRBvEcyQKRzDCvOgRJdyRvVb9AXMq6d22RaUozQ@mail.gmail.com> <CAH+w=7YSL2eLRWeXaZj09er-v4noxuALxAum5Zj4awLP=7mQRQ@mail.gmail.com> <20190512162149.3fsqupqftmwxrbvd@chaz.gmail.com> <CAAOKOsfq-BDfbD1MD01f-soJdhK=rbvr-1kHubCs9uT4GNhG0g@mail.gmail.com>

On Mon, May 13, 2019 at 9:29 AM David Wells <bughunters@xxxxxxxxxxx> wrote:
>
> Thanks for taking a look at these bugs. As Stephanie mentioned, security related risk may depend more on Zsh usage, and being that these crashes are Invalid Memory Access issues, they might allow an attacker to disclose parts of memory to help with a pre-exploitation process. It looks like there is patch activity on this thread, would you be able to provide me update on expected patch date and issues you are patching? Thank you.

It's Stephane, not Stephanie. :-)

Zsh support is entirely by volunteers, there's no one with time
dedicated to this.  It looks like Oliver may be tackling a number of
these, but there's no way for any of us to assert or predict a date
when any particular bug will get worked on or when a release will be
made.  (Please note that you're already testing a pre-release version
as it is.)

References:
- Zsh - Multiple DoS Vulnerabilities
  - From: David Wells
- Re: Zsh - Multiple DoS Vulnerabilities
  - From: Bart Schaefer
- Re: Zsh - Multiple DoS Vulnerabilities
  - From: Stephane Chazelas
- Re: Zsh - Multiple DoS Vulnerabilities
  - From: David Wells

Messages sorted by: Reverse Date, Date, Thread, Author