[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#66390: `man' allows to inject arbitrary shell code
From: |
Andreas Schwab |
Subject: |
bug#66390: `man' allows to inject arbitrary shell code |
Date: |
Tue, 10 Oct 2023 18:21:34 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) |
On Okt 10 2023, lux wrote:
> + ;; see Bug#66390
> + (mapconcat 'identity
> + (mapcar #'shell-quote-argument
> + (split-string ref " "))
You need to split on arbitrary sequences of whitespace to not introduce
spurious empty arguments.
--
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510 2552 DF73 E780 A9DA AEC1
"And now for something completely different."
- bug#66390: `man' allows to inject arbitrary shell code, (continued)
- bug#66390: `man' allows to inject arbitrary shell code, Eli Zaretskii, 2023/10/09
- bug#66390: `man' allows to inject arbitrary shell code, Ihor Radchenko, 2023/10/09
- bug#66390: `man' allows to inject arbitrary shell code, Andreas Schwab, 2023/10/09
- bug#66390: `man' allows to inject arbitrary shell code, lux, 2023/10/09
- bug#66390: `man' allows to inject arbitrary shell code, Stefan Kangas, 2023/10/10
- bug#66390: `man' allows to inject arbitrary shell code, Eli Zaretskii, 2023/10/10
- bug#66390: `man' allows to inject arbitrary shell code, Stefan Kangas, 2023/10/10
- bug#66390: `man' allows to inject arbitrary shell code, Max Nikulin, 2023/10/10
- bug#66390: `man' allows to inject arbitrary shell code, Max Nikulin, 2023/10/10
- bug#66390: `man' allows to inject arbitrary shell code, lux, 2023/10/10
- bug#66390: `man' allows to inject arbitrary shell code,
Andreas Schwab <=
- bug#66390: `man' allows to inject arbitrary shell code, lux, 2023/10/10
- bug#66390: `man' allows to inject arbitrary shell code, Max Nikulin, 2023/10/11
- bug#66390: `man' allows to inject arbitrary shell code, Stefan Kangas, 2023/10/20
- bug#66390: `man' allows to inject arbitrary shell code, Eli Zaretskii, 2023/10/21
- bug#66390: `man' allows to inject arbitrary shell code, Andreas Schwab, 2023/10/21
- bug#66390: `man' allows to inject arbitrary shell code, Eli Zaretskii, 2023/10/21
- bug#66390: `man' allows to inject arbitrary shell code, Stefan Kangas, 2023/10/21
- bug#66390: `man' allows to inject arbitrary shell code, Richard Stallman, 2023/10/08
- bug#66390: `man' allows to inject arbitrary shell code, Eli Zaretskii, 2023/10/09
- bug#66390: `man' allows to inject arbitrary shell code, Richard Stallman, 2023/10/10