Opened 5 years ago

Closed 5 years ago

#11100 closed enhancement (fixed)


Reported by: Bruce Dubbs
Owned by: Bruce Dubbs
Priority: normal
Milestone: 8.4
Component: BOOK
Version: SVN
Severity: normal
Keywords:


New minor version.

Change History (3)

comment:1 by Bruce Dubbs, 5 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: new → assigned

comment:2 by Bruce Dubbs, 5 years ago

Changes from 5.5.1-test-2 to 5.6

CVE-2018-0502: Data from the second line of a #! script file might be passed to execve(). For example, in the following situation:

    printf '#!foo\nbar' > baz

the shell might take "bar" rather than "foo" for the argv[0] to be passed to execve().

CVE-2018-13259: A shebang line longer than 64 characters would be truncated. For example, in the following situation:

    ( printf '#!'; repeat 64 printf 'x'; printf 'y' ) > foo

the shell might execute x...x (64 repetitions) rather than x...xy (64 x's, one y).

Changes from 5.5.1 to 5.5.1-test-2

Non-stop IEEE 754 arithmetic support - Inf and NaN are now returned from floating point operations where errors were printed before. Inf and NaN are also recognized in arithmetic expressions.

In shell patterns, :blank: now honors the locale instead of matching exclusively on space and tab, like for the other POSIX character classes or for extended regular expressions.

Nanosecond precision on file times is supported in the module zsh/stat.
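
A pre-upgrade audit for the CVE-2018-13259 condition quoted above, as an added example that is not part of the ticket or the zsh release notes: it lists executable files whose `#!` line is longer than 64 characters. The function names and the choice to count the whole first line, `#!` included, against the limit are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the ticket or from zsh): find scripts whose #! line
# exceeds the 64-character figure quoted for CVE-2018-13259.
# Assumption: the whole first line, "#!" included, is measured, which flags
# slightly more files than strictly necessary rather than fewer.
# ${#line} counts characters in the current locale; run with LC_ALL=C to
# count bytes.

SHEBANG_LIMIT=64

# Print the length of FILE's first line if it starts with "#!", otherwise 0.
shebang_length() {
    line=
    if [ ! -f "$1" ] || [ ! -r "$1" ]; then
        echo 0
        return 0
    fi
    # read returns non-zero when the line has no trailing newline,
    # but it still fills $line, so the failure is ignored.
    IFS= read -r line < "$1" || :
    case $line in
        '#!'*) echo "${#line}" ;;
        *)     echo 0 ;;
    esac
}

# Print "LENGTH<TAB>PATH" for every executable regular file under the given
# directories whose #! line is longer than SHEBANG_LIMIT.
# Paths containing newlines are not handled.
audit_shebangs() {
    find "$@" -type f -perm -u+x 2>/dev/null | while IFS= read -r f; do
        n=$(shebang_length "$f")
        if [ "$n" -gt "$SHEBANG_LIMIT" ]; then
            printf '%s\t%s\n' "$n" "$f"
        fi
    done
}

# Stand-alone use: sh audit.sh /usr/local/bin "$HOME/bin"
if [ "$#" -gt 0 ]; then
    audit_shebangs "$@"
fi
```

Files it reports are the ones to re-test after moving from an older zsh to 5.6, since the interpreter path that actually gets executed can differ between the two.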

comment:3 by Bruce Dubbs, 5 years ago

Resolution: fixed
Status: assigned → closed

Fixed at revision 20465.
