*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: mksh, pdksh

Hi!

Please merge the latest mksh version from Debian sid (it’s going into
testing → jessie RSN, too, and I plan to backport it as well; I’m the
Debian maintainer as well as upstream).

I’ll attach a debdiff against Debian and one against the last Ubuntu
version.

Thanks!

The new changelog entries are:

mksh (50c-1) unstable; urgency=high

  * New upstream security release:
    - [tg] Know more rare signals when generating sys_signame[] replacement
    - [tg] OpenBSD sync (mostly RCSID only)
    - [tg] Document HISTSIZE limit; found by luigi_345 on IRC
    - [zacts] Fix link to Debian .mkshrc
    - [tg] Cease exporting $RANDOM (Debian #760857)
    - [tg] Fix C99 compatibility
    - [tg] Work around klibc bug causing a coredump (Debian #763842)
    - [tg] Use issetugid(2) as additional check if we are FPRIVILEGED
    - [tg] SECURITY: do not permit += from environment
    - [tg] Fix more field splitting bugs reported by Stephane Chazelas and
      mikeserv; document current status wrt. ambiguous ones as testcases too
  * Policy 3.9.6, no changes
  * Use klibc on x32 again, to be binNMUable, and since it works good enough
  * Update lintian overrides

 -- Thorsten Glaser <t...@mirbsd.de>  Fri, 03 Oct 2014 18:56:34 +0000

mksh (50b-1) unstable; urgency=high

  * Bring back accidentally lost changelog entry for version 49-2
  * Note what was actually imported from CVS in the 50-4 changelog
  * Disable klibc builds on x32 for now, they’re essentially amd64
  * New upstream version; remaining change:
    - [tg, Jb_boin] Relax overzealous nameref RHS checks
  * Update /etc/skel/.mkshrc with example how to force UTF-8
  * Fix gitweb URL in README.Debian
  * Urgency high due to script regression since 50-1
  * Add NEWS entry for mksh script language changes in 50-1

 -- Thorsten Glaser <t...@mirbsd.de>  Wed, 03 Sep 2014 22:30:55 +0200

** Affects: mksh (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1377295

Title:
  Please merge mksh 50c-1 (main) from Debian sid (main)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mksh/+bug/1377295/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
