[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
emacs-28 807d2d5b3a7 1/8: Fix htmlfontify.el command injection vulnerabi
From: |
Stefan Kangas |
Subject: |
emacs-28 807d2d5b3a7 1/8: Fix htmlfontify.el command injection vulnerability. |
Date: |
Fri, 17 Feb 2023 05:23:14 -0500 (EST) |
branch: emacs-28
commit 807d2d5b3a7cd1d0e3f7dd24de22770f54f5ae16
Author: Xi Lu <lx@shellcodes.org>
Commit: Stefan Kangas <stefankangas@gmail.com>
Fix htmlfontify.el command injection vulnerability.
* lisp/htmlfontify.el (hfy-text-p): Fix command injection
vulnerability. (Bug#60295)
(cherry picked from commit 1b4dc4691c1f87fc970fbe568b43869a15ad0d4c)
---
lisp/htmlfontify.el | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lisp/htmlfontify.el b/lisp/htmlfontify.el
index 115f67c9560..f8d1e205369 100644
--- a/lisp/htmlfontify.el
+++ b/lisp/htmlfontify.el
@@ -1882,7 +1882,7 @@ Hardly bombproof, but good enough in the context in which
it is being used."
(defun hfy-text-p (srcdir file)
"Is SRCDIR/FILE text? Use `hfy-istext-command' to determine this."
- (let* ((cmd (format hfy-istext-command (expand-file-name file srcdir)))
+ (let* ((cmd (format hfy-istext-command (shell-quote-argument
(expand-file-name file srcdir))))
(rsp (shell-command-to-string cmd)))
(string-match "text" rsp)))
- emacs-28 updated (ae9bfed50db -> f7bd5ac5521), Stefan Kangas, 2023/02/17
- emacs-28 e61d743d440 6/8: Update NEWS for Emacs 28.3, Stefan Kangas, 2023/02/17
- emacs-28 5d05ea803e9 3/8: Fixed ctags local command execute vulnerability, Stefan Kangas, 2023/02/17
- emacs-28 22fb5ff5126 2/8: Fix ruby-mode.el local command injection vulnerability (bug#60268), Stefan Kangas, 2023/02/17
- emacs-28 ba3aba3096a 7/8: Bump Emacs version to 28.3, Stefan Kangas, 2023/02/17
- emacs-28 e339926272a 4/8: Fix etags local command injection vulnerability, Stefan Kangas, 2023/02/17
- emacs-28 f7bd5ac5521 8/8: Update HISTORY for Emacs 28.3, Stefan Kangas, 2023/02/17
- emacs-28 807d2d5b3a7 1/8: Fix htmlfontify.el command injection vulnerability.,
Stefan Kangas <=
- emacs-28 4a77fcb1478 5/8: Update ChangeLog and AUTHORS for Emacs 28.3, Stefan Kangas, 2023/02/17