Publishing details

• Published on 2020-08-01

Changelog

ksh (93u+20120801-3.4+deb10u1) buster; urgency=high

  * Fix for CVE-2019-14868: in ksh version 20120801, a flaw was found
    in the way it evaluates certain environment variables. An attacker
    could use this flaw to override or bypass environment restrictions
    to execute shell commands. Services and applications that allow
    remote unauthenticated attackers to provide one of those
    environment variables could allow them to exploit this issue
    remotely. (Closes: #948989)

 -- Anuradha Weeraman <email address hidden>  Sun, 12 Jul 2020 11:26:07 -0400

Builds

Package files

• ksh_93u+20120801-3.4+deb10u1.debian.tar.xz (17.2 KiB)
• ksh_93u+20120801-3.4+deb10u1.dsc (1.8 KiB)
• ksh_93u+20120801.orig.tar.gz (2.3 MiB)