bug#66390: `man' allows to inject arbitrary shell code
From: lux
Subject: bug#66390: `man' allows to inject arbitrary shell code
Date: Wed, 11 Oct 2023 11:08:34 +0800
User-agent: Evolution 3.50.0-1

On Tue, 2023-10-10 at 18:21 +0200, Andreas Schwab wrote:
> On Okt 10 2023, lux wrote:
>
> > + ;; see Bug#66390
> > + (mapconcat 'identity
> > + (mapcar #'shell-quote-argument
> > + (split-string ref " "))
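
Review bot: (split-string ref " ") on the last added line splits at every single space and keeps empty strings, so a ref with consecutive, leading or trailing spaces produces empty elements, and shell-quote-argument turns each of them into a '' argument on the command line. Split on whitespace runs and drop empty elements, for example (split-string ref "\\s-+" t), since a non-nil SEPARATORS without OMIT-NULLS still keeps an empty string for leading or trailing whitespace. For consistency with #'shell-quote-argument, write #'identity rather than 'identity.
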
>
> You need to split on arbitrary sequences of whitespace to not introduce
> spurious empty arguments.
>
Thanks, I've modified it to (split-string ref "\\s-+").
0001-Fix-man.el-code-injection-vulnerability.patch
Description: Text Data