Bug 1729997 - Regression introduced by CVE-2017-18206
Summary: Regression introduced by CVE-2017-18206
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: zsh
Version: 7.6
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Kamil Dudka
QA Contact: Karel Volný
Depends On:
TreeView+ depends on / blocked
Reported: 2019-07-15 14:23 UTC by Renaud Métrich
Modified: 2020-03-31 19:38 UTC (History)
2 users (show)

Fixed In Version: zsh-5.0.2-34.el7
Doc Type: No Doc Update
Doc Text:
Clone Of:
Last Closed: 2020-03-31 19:38:32 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:0985 0 None None None 2020-03-31 19:38:36 UTC

Description Renaud Métrich 2019-07-15 14:23:39 UTC
Description of problem:

A customer reported a regression in zsh-5.0.2-31.el7.x86_64 compared to zsh-5.0.2-28.el7.x86_64 around "chaselinks" option:

$ unsetopt chaselinks; cd /
$ setopt chaselinks; cd /
zsh: path expansion failed, using root directory

Version-Release number of selected component (if applicable):


How reproducible:

Always, see above with zsh-5.0.2-31.el7.x86_64

Additional info:

Patch 34 (zsh-5.0.2-CVE-2014-10072.patch) introduces the regression.
I was able to fix it by backporting some additional code.

Comment 3 Kamil Dudka 2019-07-15 15:14:13 UTC
Thank you for debugging it and providing the patch!  It looks good to me.

Comment 9 errata-xmlrpc 2020-03-31 19:38:32 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.