+ Fish: User-assisted execution of arbitrary code
+ A vulnerability was discovered in Fish when handling git repository configuration that may lead to execution of arbitrary code
+ fish
+ 2023-09-29
+ 2023-09-29
+ 835337
+ local
+
+
+ 3.4.0
+ 3.4.0
+
+
+
+ Smart and user-friendly command line shell for macOS, Linux, and the rest of the family. It includes features like syntax highlighting, autosuggest-as-you-type, and fancy tab completions that just work, with no configuration required.
+
+
+ A vulnerability have been discovered in Fish. Please review the CVE identifiers referenced below for details.
+
+
+ A user may be enticed to cd into a git repository under control by an attacker (e.g. on a shared filesystem or by unpacking an archive) and execute arbitrary commands.
+
+
+ There is no known workaround at this time.
+
+
+ All fish users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-shells/fish-3.4.0"
+
+
+
+ CVE-2022-20001
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202309-11.xml b/metadata/glsa/glsa-202309-11.xml
new file mode 100644
index 000000000000..91f9f39a8d3f
--- /dev/null
+++ b/metadata/glsa/glsa-202309-11.xml
@@ -0,0 +1,43 @@
+
+
+