Back to ksh PTS page

Accepted ksh 93u+20120801-3.4+deb10u1 (source) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 12 Jul 2020 11:26:07 -0400
Source: ksh
Architecture: source
Version: 93u+20120801-3.4+deb10u1
Distribution: buster
Urgency: high
Maintainer: Nicholas Bamber <nicholas@periapt.co.uk>
Changed-By: Anuradha Weeraman <anuradha@debian.org>
Closes: 948989
Changes:
 ksh (93u+20120801-3.4+deb10u1) buster; urgency=high
 .
   * Fix for CVE-2019-14868: in ksh version 20120801, a flaw was found
     in the way it evaluates certain environment variables. An attacker
     could use this flaw to override or bypass environment restrictions
     to execute shell commands. Services and applications that allow
     remote unauthenticated attackers to provide one of those
     environment variables could allow them to exploit this issue
     remotely. (Closes: #948989)
Checksums-Sha1:
 41bfe116eae6ef9c6a34ad7100017d00580eb63a 1876 ksh_93u+20120801-3.4+deb10u1.dsc
 c3647a3a8232b66e8f731fc34213441b2e7567e0 17576 ksh_93u+20120801-3.4+deb10u1.debian.tar.xz
 ef87d7639771eced1d5890013942d6c6970e4f5f 5742 ksh_93u+20120801-3.4+deb10u1_amd64.buildinfo
Checksums-Sha256:
 1b6ab2859bdb0adb96f2b2f7d3116008f5382f0a27871549b658103db281e941 1876 ksh_93u+20120801-3.4+deb10u1.dsc
 f3379767c58f9c6c1915919f05520bf56cd2429884a7b8c76576206301f2c2b0 17576 ksh_93u+20120801-3.4+deb10u1.debian.tar.xz
 b0deb85adc29eb2b6d7c67bf2746b2c184059c84b9da604b791ebddebeaa0570 5742 ksh_93u+20120801-3.4+deb10u1_amd64.buildinfo
Files:
 f9f2ac68acee3d114126f43e7fb8209d 1876 shells optional ksh_93u+20120801-3.4+deb10u1.dsc
 28ee52a4dcc5c7d31dc2a060d3cc2d58 17576 shells optional ksh_93u+20120801-3.4+deb10u1.debian.tar.xz
 17fbb74f473b84558f336fae443def8a 5742 shells optional ksh_93u+20120801-3.4+deb10u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE9WuPFOAUze9dBH/BY221odkYYP0FAl8cl8AACgkQY221odkY
YP3PnxAAqCzrBi0Z79iGei4fhbJKgKcG8ZsYu26oOan8eEKiUsNGLayu1EVmxAhF
Qn38oXceYk+rQxF6iBlbv5EWPbvUU4GPobArHLNN0aW8w8wwQ4jRCR8n7h9evNMP
SDYZX8TPX9fNjFYRX4Ya/CNfzPlknqwRER0nluM1Nsy/AoLYTzW51ZXX18KBvS0w
De1DyoQ0nvQdlwE6DahTK9gnv2Aqhmk/FzwWrjVLdCIXzJ3MFg1IX2BDixz0S5hT
ivEDMhXoaYEoC0dZvWpwAtZ/+bmF4hn1xf9cErLDhWRhc47i2Q0Wa1LoPsQFI4jr
iQQo/5cy0KgGeMwtch/EzFBiXHZHmnkjlHRnNCITP6POLmuzBrza9+C8VJiuteT9
+eD5bSpE5HtZWfmDkUlSfrN6sB1gUas8bStAXO0E1Vl6gIe2Xv4h9XZzilvQjT9m
EgmTeqYfH31N1k7M6bYleSFsqfhzfqHyLeqsfCgFzeTIqAqC1r1k2ooFUQX/d0GY
QNPgSfdyFsAI2Mb4UsL301aINqWDRnRY05+MCGCVvhEZQUowyB1/VHXb6NpMyqpP
n44FaRrCRY116hsn815ZuwBnkS1Ov0q8U/qHsovoXWrGayzY1lySugG4GVgLlK1M
L5qqUcwtL1FJFM1Y7SpEUlQvy+k6h9bpwWI5vPymRHxCx27SkZc=
=mZy6
-----END PGP SIGNATURE-----