From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 6998 invoked by alias); 9 Oct 2014 01:55:30 -0000 Mailing-List: contact zsh-announce-help@zsh.org; run by ezmlm Precedence: bulk X-No-Archive: yes List-Id: Zsh Announcement List List-Post: (Postings are Moderated) List-Help: X-Seq: 130 Received: (qmail 18318 invoked from network); 8 Oct 2014 18:38:40 -0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on f.primenet.com.au X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 X-Originating-IP: [80.3.229.105] X-Spam: 0 X-Authority: v=2.1 cv=Cq4xcxID c=1 sm=1 tr=0 a=uz1KDxDNIq33yePw376BBA==:117 a=uz1KDxDNIq33yePw376BBA==:17 a=NLZqzBF-AAAA:8 a=uObrxnre4hsA:10 a=kj9zAlcOel0A:10 a=HYshxDoSAAAA:8 a=eoA9dSfDAj6EbYLjvZUA:9 a=CjuIK1q_8ugA:10 a=LWVaL4Q5_TUA:10 Date: Wed, 8 Oct 2014 19:38:35 +0100 From: Peter Stephenson To: Zsh Announcement List Subject: zsh 5.0.7 released Message-ID: <20141008193835.5d66c0ad@pws-pc.ntlworld.com> X-Mailer: Claws Mail 3.8.0 (GTK+ 2.24.7; x86_64-redhat-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Version 5.0.7 of zsh is released. You can get it from http://www.zsh.org/pub and mirrors (see below). This is a stable release. There are minor new features as well as bug fixes since 5.0.6. Note in particular there is a security fix to disallow evaluation of the initial values of integer variables imported from the environment (they are instead treated as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env_reset" has been disabled. pws