| Summary: | app-arch/gzip zgrep issue (CAN-2005-0758) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | | |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | All | | |
| Whiteboard: | A3 [glsa] jaervosz | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 89946 | | |
| Bug Blocks: | | | |

Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-04-27 08:28:31 UTC
And the proposed patch by Red Hat:

--- zgrep.in +++ zgrep.in @@ -24,7 +24,7 @@ PATH="BINDIR:$PATH"; export PATH -prog=`echo $0 | sed 's|.*/||'` +prog=`echo "$0" | sed 's|.*/||'` case "$prog" in *egrep) grep=${EGREP-egrep -a} ;; *fgrep) grep=${FGREP-fgrep -a} ;; @@ -112,12 +112,15 @@ fi $uncompress -cdfq "$i" | if test $files_with_matches -eq 1; then - $grep $opt "$pat" > /dev/null && echo $i + $grep $opt "$pat" > /dev/null && printf "%s\n" "$i" elif test $files_without_matches -eq 1; then - $grep $opt "$pat" > /dev/null || echo $i + $grep $opt "$pat" > /dev/null || printf "%s\n" "$i" elif test $with_filename -eq 0 && { test $# -eq 1 || test $no_filename -eq 1; }; then $grep $opt "$pat" else + i=${i//\\/\\\\} + i=${i//|/\\|} + i=${i//&/\\&} if test $with_filename -eq 1; then sed_script="s|^[^:]*:|${i}:|" else

gzip-1.3.5-r6 now in portage with the fix

also we can probably open the bug considering redhat has the fix in their public cvs

Opening.

GLSA 200505-05
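Review bot: in the @@ -24,7 +24,7 @@ hunk, the new line prog=`echo "$0" | sed 's|.*/||'` still passes the script path through echo, which some shells treat specially when the value starts with a dash or contains backslashes. The second hunk already replaces echo with printf "%s\n" for the file name, so the same form should be used here for consistency, for example printf "%s\n" "$0" piped to the existing sed expression.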
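Review bot: in the @@ -112,12 +112,15 @@ hunk, the three added substitutions escape backslash, | and & in $i before it is placed in sed_script="s|^[^:]*:|${i}:|", but a newline in the file name is not handled, and an unescaped newline ends the sed command, so the rest of the name would be read as further sed input. Either escape newlines as well or reject such names before building the script. Separately, the ${i//pattern/replacement} form is a bash/ksh extension rather than POSIX sh, so the interpreter this script runs under should be confirmed, or the escaping done with a sed call on the file name instead.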