{"affected":[{"ecosystem_specific":{"binaries":[{"zsh":"5.6-3.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15","name":"zsh","purl":"pkg:rpm/suse/zsh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.6-3.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for zsh to version 5.6 fixes the following security issues:\n\n- CVE-2018-0502: The beginning of a #! script file was mishandled, potentially\n  leading to an execve call to a program named on the second line (bsc#1107296).\n- CVE-2018-13259: Shebang lines exceeding 64 characters were truncated,\n  potentially leading to an execve call to a program name that is a substring of\n  the intended one (bsc#1107294).\n","id":"SUSE-SU-2018:2686-1","modified":"2018-09-11T13:00:06Z","published":"2018-09-11T13:00:06Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20182686-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1107294"},{"type":"REPORT","url":"https://bugzilla.suse.com/1107296"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-0502"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-13259"}],"related":["CVE-2018-0502","CVE-2018-13259"],"summary":"Security update for zsh","upstream":["CVE-2018-0502","CVE-2018-13259"]}