mirror of
https://git.busybox.net/buildroot.git
synced 2024-12-11 22:33:29 +08:00
141ec69812
- Fix CVE-2019-20044: In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). - Update indentation of hash file (two spaces) Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
||
---|---|---|
.. | ||
Config.in | ||
zsh.hash | ||
zsh.mk |