DSA-5234-1

Source

https://storage.googleapis.com/debian-osv/dsa-osv/DSA-5234-1.json

Published

2022-09-21T00:00:00Z

Modified

2023-06-28T06:50:30.730737Z

Details

An arbitrary code execution vulnerability was disovered in fish, a command line shell. When using the default configuraton of fish, changing to a directory automatically ran git commands in order to display information about the current repository in the prompt. Such repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands.

For the stable distribution (bullseye), this problem has been fixed in version 3.1.2-3+deb11u1.

We recommend that you upgrade your fish packages.

For the detailed security status of fish please refer to its security tracker page at: \ https://security-tracker.debian.org/tracker/fish

References

https://www.debian.org/security/2022/dsa-5234

Affected packages

Debian:11 / fish

Source Details

Package Name: fish

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.1.2-3+deb11u1

Affected versions

3.*

3.1.2-3