USN-5367-1

Source

https://ubuntu.com/security/notices/USN-5367-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-5367-1.json

Related

CVE-2022-20001

Published

2022-08-10T18:31:37.055355Z

Modified

2022-08-10T18:31:37.055355Z

Details

Justin Steven discovered that fish was not properly filtering local git configuration directives when running background git commands. A remote unauthenticated attacker could possibly use this issue to execute arbitrary code.

References

Affected packages

Ubuntu:Pro:22.04:LTS / fish

Package

Name: fish

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.3.1+ds-3ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "fish": "3.3.1+ds-3ubuntu0.1~esm1",
            "fish-common": "3.3.1+ds-3ubuntu0.1~esm1"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / fish

Package

Name: fish

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.1.0-1.2ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "fish": "3.1.0-1.2ubuntu0.1~esm1",
            "fish-common": "3.1.0-1.2ubuntu0.1~esm1"
        }
    ]
}