Justin Steven discovered that fish was not properly filtering local git configuration directives when running background git commands. A remote unauthenticated attacker could possibly use this issue to execute arbitrary code.
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "fish": "3.3.1+ds-3ubuntu0.1~esm1", "fish-common": "3.3.1+ds-3ubuntu0.1~esm1" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "fish": "3.1.0-1.2ubuntu0.1~esm1", "fish-common": "3.1.0-1.2ubuntu0.1~esm1" } ] }