Request 1132463 accepted

- New upstream release 3.6.4
  * This release contains a complete fix for the test suite failure in fish
    3.6.2 and 3.6.3.
- New upstream release 3.6.3
  * This release contains a fix for a test suite failure in fish 3.6.2.
- New upstream release 3.6.2
  * This release of fish contains a security fix for CVE-2023-49284, a minor security problem
    identified in fish 3.6.1 and previous versions (thought to affect all released versions of fish).
    fish uses certain Unicode non-characters internally for marking wildcards and expansions. It
    incorrectly allowed these markers to be read on command substitution output, rather than
    transforming them into a safe internal representation.
    For example, ``echo \UFDD2HOME`` has the same output as ``echo $HOME``.
    While this may cause unexpected behavior with direct input, this may become a minor security
    problem if the output is being fed from an external program into a command substitution where
    this output may not be expected. (bsc#1217808, CVE-2023-49284)
- Enable tests
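
Added example, not part of this request or of fish's own code: a filter that flags and replaces Unicode noncharacters in text from an external program before it reaches a command substitution on a fish version without the 3.6.2 fix. It generalizes from the changelog's U+FDD2 case to all 66 noncharacters defined by Unicode; the function names and the U+FFFD replacement are assumptions made for this example.

```python
"""Flag and neutralise Unicode noncharacters in text bound for a shell."""
import sys


def is_noncharacter(cp: int) -> bool:
    # Unicode reserves 66 noncharacters: U+FDD0..U+FDEF plus the last two
    # code points of every plane (U+FFFE, U+FFFF, U+1FFFE, ... U+10FFFF).
    return 0xFDD0 <= cp <= 0xFDEF or (cp & 0xFFFE) == 0xFFFE


def find_noncharacters(text: str) -> list[tuple[int, str]]:
    """Return (offset, 'U+XXXX') for every noncharacter found in text."""
    return [(i, f"U+{ord(ch):04X}")
            for i, ch in enumerate(text) if is_noncharacter(ord(ch))]


def sanitize(text: str, replacement: str = "\ufffd") -> str:
    """Replace each noncharacter so it cannot act as an internal marker."""
    return "".join(replacement if is_noncharacter(ord(ch)) else ch
                   for ch in text)


# Constructed sample: the changelog's own example, \UFDD2 followed by HOME.
SAMPLE = "\ufdd2HOME"

if __name__ == "__main__":
    # Read piped input if present, otherwise fall back to the constructed sample.
    if sys.stdin.isatty():
        data = SAMPLE
    else:
        data = sys.stdin.buffer.read().decode("utf-8", errors="replace")
    hits = find_noncharacters(data)
    for offset, name in hits:
        print(f"noncharacter {name} at offset {offset}", file=sys.stderr)
    sys.stdout.write(sanitize(data))
    # Non-zero exit lets a calling script refuse the output outright.
    sys.exit(1 if hits else 0)
```
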

Ana Guerrero's avatar

@dancermak

There is something wrong in the licence line change, I'm guessing it's the doubled AND

[  217s] fish.src: E: invalid-license (Badness: 100000) AND BSD-3-Clause

Request History

simotek created request


anag+factory set openSUSE:Factory:Staging:F as a staging project

Being evaluated by staging project "openSUSE:Factory:Staging:F"


anag+factory accepted review

Picked "openSUSE:Factory:Staging:F"


factory-auto added opensuse-review-team as a reviewer

Please review sources


factory-auto accepted review

Check script succeeded


anag+factory added factory-staging as a reviewer

Being evaluated by group "factory-staging"


anag+factory accepted review

Unstaged from project "openSUSE:Factory:Staging:F"


anag+factory set openSUSE:Factory:Staging:E as a staging project

Being evaluated by staging project "openSUSE:Factory:Staging:E"


anag+factory accepted review

Picked "openSUSE:Factory:Staging:E"


licensedigger accepted review

The legal review is accepted preliminary. The package may require actions later on.


dimstar accepted review


anag+factory accepted review

Staging Project openSUSE:Factory:Staging:E got accepted.


anag+factory approved review

Staging Project openSUSE:Factory:Staging:E got accepted.


anag+factory accepted request

Staging Project openSUSE:Factory:Staging:E got accepted.
