[Bug 1377295] [NEW] Please merge mksh 50c-1 (main) from Debian sid (main)

Launchpad Bug Tracker 1377295 at bugs.launchpad.net
Fri Oct 3 19:40:05 UTC 2014 

*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Thorsten Glaser (mirabilos):

Binary package hint: mksh, pdksh

Hi!

Please merge the latest mksh version from Debian sid (it’s going into
testing → jessie RSN, too, and I plan to backport it as well; I’m the
Debian maintainer as well as upstream).

I’ll attach a debdiff against Debian and one against the last Ubuntu
version.

Thanks!

The new changelog entries are:

mksh (50c-1) unstable; urgency=high

  * New upstream security release:
    - [tg] Know more rare signals when generating sys_signame[] replacement
    - [tg] OpenBSD sync (mostly RCSID only)
    - [tg] Document HISTSIZE limit; found by luigi_345 on IRC
    - [zacts] Fix link to Debian .mkshrc
    - [tg] Cease exporting $RANDOM (Debian #760857)
    - [tg] Fix C99 compatibility
    - [tg] Work around klibc bug causing a coredump (Debian #763842)
    - [tg] Use [197]issetugid(2) as additional check if we are FPRIVILEGED
    - [tg] SECURITY: do not permit += from environment
    - [tg] Fix more field splitting bugs reported by Stephane Chazelas and
      mikeserv; document current status wrt. ambiguous ones as testcases too
  * Policy 3.9.6, no changes
  * Use klibc on x32 again, to be binNMUable, and since it works good enough
  * Update lintian overrides

 -- Thorsten Glaser <tg at mirbsd.de>  Fri, 03 Oct 2014 18:56:34 +0000

mksh (50b-1) unstable; urgency=high

  * Bring back accidentally lost changelog entry for version 49-2
  * Note what was actually imported from CVS in the 50-4 changelog
  * Disable klibc builds on x32 for now, they’re essentially amd64
  * New upstream version; remaining change:
    - [tg, Jb_boin] Relax overzealous nameref RHS checks
  * Update /etc/skel/.mkshrc with example how to force UTF-8
  * Fix gitweb URL in README.Debian
  * Urgency high due to script regression since 50-1
  * Add NEWS entry for mksh script language changes in 50-1

 -- Thorsten Glaser <tg at mirbsd.de>  Wed, 03 Sep 2014 22:30:55 +0200

** Affects: mksh (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Please merge mksh 50c-1 (main) from Debian sid (main)
https://bugs.launchpad.net/bugs/1377295
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.

More information about the Ubuntu-sponsors mailing list