Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/zsh@5.9-4?distro=trixie
purl pkg:deb/debian/zsh@5.9-4?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (16)
Vulnerability Summary Aliases
VCID-5afp-axa4-fyh8 zsh: insecure dropping of privileges when unsetting PRIVILEGED option CVE-2019-20044
VCID-76vv-2fcf-vuct zsh: crash on copying empty hash table CVE-2018-7549
VCID-8yxh-yjg6-xfee CVE-2018-1083
VCID-cg4b-6e8x-q3df zsh: buffer overrun in symlinks CVE-2017-18206
VCID-d9zf-55es-e7gd zsh: Off-by-one error results in undersized buffers CVE-2016-10714
VCID-e99p-x9s7-cbgq zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution CVE-2018-1100
VCID-ehx1-5ude-hycd zsh: Prompt expansion vulnerability CVE-2021-45444
VCID-k4yz-hdfb-q3eu zsh: buffer overflow for very long fds in >& fd syntax CVE-2014-10071
VCID-kwt6-yg77-vqha zsh: Improper handling of shebang line longer than 64 CVE-2018-13259
VCID-mduk-jw51-9bbn CVE-2018-1071
VCID-qcfe-3gqk-1khn zsh insecure /tmp file usage CVE-2007-6209
VCID-uxpx-5d4y-nfhc zsh: buffer overflow when scanning very long directory paths for symbolic links CVE-2014-10072
VCID-vup3-6dz7-3fb9 zsh: privilege escalation via environment variables CVE-2014-10070
VCID-yd6c-52h4-p3e2 zsh: NULL dereference in cd in sh compatibility mode under given circumstances CVE-2017-18205
VCID-ys6n-9d6g-83bf zsh: null-pointer deref when using ${(PA)...} on an empty array result CVE-2018-7548
VCID-zgvj-sr46-nyg3 zsh: Improper parsing of the shebang line with special chars CVE-2018-0502

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-29T17:17:54.877440+00:00 Debian Importer Fixing VCID-ehx1-5ude-hycd https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-29T17:17:54.854863+00:00 Debian Importer Fixing VCID-5afp-axa4-fyh8 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-29T17:17:54.832573+00:00 Debian Importer Fixing VCID-76vv-2fcf-vuct https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-29T17:17:54.813945+00:00 Debian Importer Fixing VCID-ys6n-9d6g-83bf https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-29T17:17:54.792406+00:00 Debian Importer Fixing VCID-kwt6-yg77-vqha https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-29T17:17:54.769299+00:00 Debian Importer Fixing VCID-e99p-x9s7-cbgq https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-29T17:17:54.746610+00:00 Debian Importer Fixing VCID-8yxh-yjg6-xfee https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-29T17:17:54.721503+00:00 Debian Importer Fixing VCID-mduk-jw51-9bbn https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-29T17:17:54.698315+00:00 Debian Importer Fixing VCID-zgvj-sr46-nyg3 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-29T17:17:54.679179+00:00 Debian Importer Fixing VCID-cg4b-6e8x-q3df https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-29T17:17:54.659549+00:00 Debian Importer Fixing VCID-yd6c-52h4-p3e2 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-29T17:17:54.640374+00:00 Debian Importer Fixing VCID-d9zf-55es-e7gd https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-29T17:17:54.619776+00:00 Debian Importer Fixing VCID-uxpx-5d4y-nfhc https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-29T17:17:54.599448+00:00 Debian Importer Fixing VCID-k4yz-hdfb-q3eu https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-29T17:17:54.580017+00:00 Debian Importer Fixing VCID-vup3-6dz7-3fb9 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-05-29T17:17:54.557140+00:00 Debian Importer Fixing VCID-qcfe-3gqk-1khn https://security-tracker.debian.org/tracker/data/json 38.6.0