CVE-2014-10070

Name	CVE-2014-10070
Description	zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env_reset" has been disabled.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-1304-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
zsh (PTS)	jessie, jessie (lts)	5.0.7-5+deb8u4	fixed
	stretch (security), stretch (lts), stretch	5.3.1-4+deb9u5	fixed
	buster, buster (security)	5.7.1-1+deb10u1	fixed
	bullseye (security), bullseye	5.8-6+deb11u1	fixed
	bookworm	5.9-4	fixed
	sid, trixie	5.9-6	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
zsh	source	wheezy	4.3.17-1+deb7u1		DLA-1304-1
zsh	source	(unstable)	5.0.7-3

https://sourceforge.net/p/zsh/code/ci/546203a770cec329e73781c3c8ab1078390aee72