From: dana
Subject: zsh 5.8.1 released (CVE-2021-45444)
Message-Id: <3C1F736D-13E7-48FC-A708-EEE0F6E7253C@dana.is>
Date: Sat, 12 Feb 2022 09:41:26 -0600
To: zsh-announce@zsh.org

Hello,

zsh 5.8.1 has been released and made available for download at the following locations:

  https://sourceforge.net/projects/zsh/files/
  https://www.zsh.org/pub/

This is a stable security release with a few bug fixes, including one for CVE-2021-45444, a vulnerability in prompt expansion which could be exploited through e.g. VCS_Info to execute arbitrary shell commands without a user's knowledge.
All sites are encouraged to update from zsh 5.8. A partial work-around which can be applied within a running shell is provided in the source distribution for those who are unable to update their shell binaries.

For further details, please refer to the README and NEWS files distributed with the shell, or see here:

  https://zsh.sourceforge.io/releases.html

PS: Maintainers of down-stream zsh packages are invited to e-mail if they would like to request pre-notification of security releases like this one.

dana