Debian
fish package

Security update: fish version 2.1.1

Bug #1282631 reported by Lorenzo Villani
260
This bug affects 2 people
Affects Status Importance Assigned to Milestone
fish (Debian)
Fix Released
Unknown
fish (Ubuntu)
Fix Released
Undecided
Unassigned
Trusty
Confirmed
Undecided
Unassigned

Bug Description

~~Please update the fish package to version 2.1.~~

See https://bugs.launchpad.net/ubuntu/+source/fish/+bug/1282631/comments/4 for security-related update.

The official PPA contains the update https://launchpad.net/~fish-shell/+archive/release-2

See original description
Lorenzo Villani (lvillani)
tags: added: upgrade-software-version
Revision history for this message
Lorenzo Villani (lvillani) wrote :

I'm volunteering co-maintainership of the package if needed.

Bug Watch Updater (bug-watch-updater)
Changed in fish (Debian):
status: Unknown → New
Revision history for this message
Jackson Doak (noskcaj) wrote :

Since we sync this directly from debian, that's the place to co-maintain it.

David (lofidevops)
summary: - Update fish package to version 2.1
+ Update fish package to version 2.1.1 (security update)
Revision history for this message
Launchpad Janitor (janitor) wrote : Re: Update fish package to version 2.1.1 (security update)

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in fish (Ubuntu):
status: New → Confirmed
Revision history for this message
David (lofidevops) wrote :

According to https://launchpad.net/ubuntu/+source/fish the following versions of fish are in supported releases:

 * trusty: 2.0.0
 * utopic: 2.1.0
 * vivid: 2.1.0

The 2.x line has security issues only resolved in 2.1.1. Precise and earlier have much older versions (1.23.1) - I don't think these need to be updated, afaik 1.x is a substantially different codebase - but maintainer would know better than me.

oss-sec announcement and release notes:

 * http://seclists.org/oss-sec/2014/q3/799
 * http://fishshell.com/release_notes.html

Debian has not yet updated, but related requests are here:

 * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730683#10
 * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746259

tags: added: security
information type: Public → Public Security
David (lofidevops)
summary: - Update fish package to version 2.1.1 (security update)
+ Security update: fish version 2.1.1
description: updated
Bug Watch Updater (bug-watch-updater)
Changed in fish (Debian):
status: New → Fix Released
Jeremy Bícha (jbicha)
Changed in fish (Ubuntu):
status: Confirmed → Fix Released
Changed in fish (Ubuntu Trusty):
status: New → Confirmed
tags: added: trusty
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.