https://www.zsh.org/mla/announce/msg00133.html https://bugs.gentoo.org/833252 From the release announcement: >This is a stable security release with a few bug fixes, including one >for CVE-2021-45444, a vulnerability in prompt expansion which could be >exploited through e.g. VCS_Info to execute arbitrary shell commands >without a user's knowledge. All sites are encouraged to update from >zsh 5.8. A partial work-around which can be applied within a running >shell is provided in the source distribution for those who are unable >to update their shell binaries.
Created zsh tracking bugs for this issue: Affects: fedora-all [bug 2054090]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:2120 https://access.redhat.com/errata/RHSA-2022:2120
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-45444