Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: Zsh - Multiple DoS Vulnerabilities

On Mon, May 13, 2019 at 9:29 AM David Wells <bughunters@xxxxxxxxxxx> wrote:
> Thanks for taking a look at these bugs. As Stephanie mentioned, security related risk may depend more on Zsh usage, and being that these crashes are Invalid Memory Access issues, they might allow an attacker to disclose parts of memory to help with a pre-exploitation process. It looks like there is patch activity on this thread, would you be able to provide me update on expected patch date and issues you are patching? Thank you.

It's Stephane, not Stephanie. :-)

Zsh support is entirely by volunteers, there's no one with time
dedicated to this.  It looks like Oliver may be tackling a number of
these, but there's no way for any of us to assert or predict a date
when any particular bug will get worked on or when a release will be
made.  (Please note that you're already testing a pre-release version
as it is.)

Messages sorted by: Reverse Date, Date, Thread, Author