Accepting request 254842 from home:Futhorc:branches:shells

Multiple security fixes, update to 2.1.1 OBS-URL: https://build.opensuse.org/request/show/254842 OBS-URL: https://build.opensuse.org/package/show/shells/fish?expand=0&rev=4
2014-10-09 17:19:42 +00:00
parent 2dac0937d0
commit 986e548e28
4 changed files with 31 additions and 11 deletions
--- a/fish.changes
+++ b/fish.changes
@@ -1,4 +1,23 @@
 -------------------------------------------------------------------
+Thu Oct  9 12:05:02 UTC 2014 - seanpwatson@live.com
+
+- update to 2.1.1
+- The fish_config web interface now uses an authentication token 
+to protect requests and only responds to requests from the local 
+machine with this token, preventing a remote code execution attack
+(closing CVE-2014-2914).
+- psub and funced are no longer vulnerable to attacks which 
+allow local privilege escalation and data tampering (closing 
+CVE-2014-2906 and CVE-2014-3856)
+- fishd uses a secure path for its socket, preventing a local 
+privilege escalation attack (closing CVE-2014-2905)
+- __fish_print_packages is no longer vulnerable to attacks which 
+would allow local privilege escalation and data tampering 
+(closing CVE-2014-3219)
+-fishd now ignores SIGPIPE, fixing crashes using tools like 
+GNU Parallel and which occurred more often as a result of 
+the other fishd changes.
+-------------------------------------------------------------------
 Sat Oct 12 20:34:28 UTC 2013 - mailaender@opensuse.org

 - update to 2.1.0