Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 587036 Details for
Bug 690136
<sys-devel/patch-2.7.6-r4: multiple vulnerabilities
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch-2.7.6-CVE-2019-13638.patch
patch-2.7.6-CVE-2019-13638.patch (text/plain), 1.16 KB, created by
Teika kazura
on 2019-08-16 08:09:36 UTC
(
hide
)
Description:
patch-2.7.6-CVE-2019-13638.patch
Filename:
MIME Type:
Creator:
Teika kazura
Created:
2019-08-16 08:09:36 UTC
Size:
1.16 KB
patch
obsolete
>From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001 >From: Andreas Gruenbacher <agruen@gnu.org> >Date: Fri, 6 Apr 2018 19:36:15 +0200 >Subject: Invoke ed directly instead of using the shell > >* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell >command to avoid quoting vulnerabilities. >--- > src/pch.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > >diff --git a/src/pch.c b/src/pch.c >index 4fd5a05..16e001a 100644 >--- a/src/pch.c >+++ b/src/pch.c >@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname, > *outname_needs_removal = true; > copy_file (inname, outname, 0, exclusive, instat.st_mode, true); > } >- sprintf (buf, "%s %s%s", editor_program, >- verbosity == VERBOSE ? "" : "- ", >- outname); > fflush (stdout); > > pid = fork(); >@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname, > else if (pid == 0) > { > dup2 (tmpfd, 0); >- execl ("/bin/sh", "sh", "-c", buf, (char *) 0); >+ assert (outname[0] != '!' && outname[0] != '-'); >+ execlp (editor_program, editor_program, "-", outname, (char *) NULL); > _exit (2); > } > else >-- >cgit v1.0-41-gc330 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 690136
:
587032
|
587034
| 587036