| From 4abf2fc193fc2f3e680deecbf81289a7b02e245b Mon Sep 17 00:00:00 2001 |
| From: dana <dana@dana.is> |
| Date: Tue, 21 Dec 2021 13:13:33 -0600 |
| Subject: [PATCH 3/9] CVE-2021-45444: Update NEWS/README |
| |
| https://salsa.debian.org/debian/zsh/-/blob/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_3.patch |
| Upstream-Status: Backport |
| CVE: CVE-2021-45444 |
| Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> |
| --- |
| ChangeLog | 2 ++ |
| NEWS | 20 ++++++++++++++++++++ |
| README | 6 ++++++ |
| 3 files changed, 28 insertions(+) |
| |
| diff --git a/ChangeLog b/ChangeLog |
| index 9a05a09e1..93b0bc337 100644 |
| --- a/ChangeLog |
| +++ b/ChangeLog |
| @@ -1,5 +1,7 @@ |
| 2022-01-27 dana <dana@dana.is> |
| |
| + * CVE-2021-45444: NEWS, README: Document preceding two changes |
| + |
| * Marc Cornellà: security/89: |
| Etc/CVE-2021-45444-VCS_Info-workaround.patch: Add patch which |
| can optionally be used to work around recursive PROMPT_SUBST |
| diff --git a/NEWS b/NEWS |
| index 964e1633f..d34b3f79e 100644 |
| --- a/NEWS |
| +++ b/NEWS |
| @@ -4,6 +4,26 @@ CHANGES FROM PREVIOUS VERSIONS OF ZSH |
| |
| Note also the list of incompatibilities in the README file. |
| |
| +Changes since 5.8 |
| +----------------- |
| + |
| +CVE-2021-45444: Some prompt expansion sequences, such as %F, support |
| +'arguments' which are themselves expanded in case they contain colour |
| +values, etc. This additional expansion would trigger PROMPT_SUBST |
| +evaluation, if enabled. This could be abused to execute code the user |
| +didn't expect. e.g., given a certain prompt configuration, an attacker |
| +could trick a user into executing arbitrary code by having them check |
| +out a Git branch with a specially crafted name. |
| + |
| +This is fixed in the shell itself by no longer performing PROMPT_SUBST |
| +evaluation on these prompt-expansion arguments. |
| + |
| +Users who are concerned about an exploit but unable to update their |
| +binaries may apply the partial work-around described in the file |
| +'Etc/CVE-2021-45444 VCS_Info workaround.patch' included with the shell |
| +source. [ Reported by RyotaK <security@ryotak.me>. Additional thanks to |
| +Marc Cornellà <hello@mcornella.com>. ] |
| + |
| Changes since 5.7.1-test-3 |
| -------------------------- |
| |
| diff --git a/README b/README |
| index 7f1dd5f92..c9e994ab3 100644 |
| --- a/README |
| +++ b/README |
| @@ -31,6 +31,12 @@ Zsh is a shell with lots of features. For a list of some of these, see the |
| file FEATURES, and for the latest changes see NEWS. For more |
| details, see the documentation. |
| |
| +Incompatibilities since 5.8 |
| +--------------------------- |
| + |
| +PROMPT_SUBST expansion is no longer performed on arguments to prompt- |
| +expansion sequences such as %F. |
| + |
| Incompatibilities since 5.7.1 |
| ----------------------------- |
| |
| -- |
| 2.34.1 |