Update debian/changelog

Gbp-Dch: Ignore
author: Axel Beckert <abe@deuxchevaux.org> 2020-02-16 03:29:19 +0100
committer: Axel Beckert <abe@deuxchevaux.org> 2020-02-16 17:58:33 +0100
commit: a051a4c173dc20a3cf09a3f63e3e339736eb6753 (patch)
tree: de7ebee3f7f9cd734b0500958ea8a39bf23ea1c3
parent: 2794556a41b50f635b6aa49c32fc6ca7bc08c901 (diff)
download: zsh-a051a4c173dc20a3cf09a3f63e3e339736eb6753.tar.gz
zsh-a051a4c173dc20a3cf09a3f63e3e339736eb6753.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 048dfdf40..7b2a923a5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+zsh (5.8-1) UNRELEASED; urgency=medium
+
+  * Import upstream version 5.8
+    + Fixes CVE-2019-20044: When unsetting the PRIVILEGED option, the
+      shell sets its effective user and group IDs to match their
+      respective real IDs. On some platforms (including Linux), when the
+      RUID and EUID were both non-zero, it was possible to regain the
+      shell's former privileges by e.g. assigning to the EUID or EGID
+      parameter.
+
+ -- Axel Beckert <abe@debian.org>  Sun, 16 Feb 2020 03:29:19 +0100
+
 zsh (5.7.1-test-3-1) experimental; urgency=low
 
   * [643de931,74561cc5] New upstream release candidate
author	Axel Beckert <abe@deuxchevaux.org>	2020-02-16 03:29:19 +0100
committer	Axel Beckert <abe@deuxchevaux.org>	2020-02-16 17:58:33 +0100
commit	a051a4c173dc20a3cf09a3f63e3e339736eb6753 (patch)
tree	de7ebee3f7f9cd734b0500958ea8a39bf23ea1c3
parent	2794556a41b50f635b6aa49c32fc6ca7bc08c901 (diff)
download	zsh-a051a4c173dc20a3cf09a3f63e3e339736eb6753.tar.gz zsh-a051a4c173dc20a3cf09a3f63e3e339736eb6753.zip