GNU bug report logs - #59817
[PATCH] Fix etags local command injection vulnerability

Package: emacs

Reported by: lux <lx <at> shellcodes.org>

Date: Sun, 4 Dec 2022 13:52:01 UTC

Severity: normal

Tags: patch

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.


From: lux <lx <at> shellcodes.org>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: Stefan Kangas <stefankangas <at> gmail.com>, 59817 <at> debbugs.gnu.org
Subject: bug#59817: [PATCH] Fix etags local command injection vulnerability
Date: Tue, 6 Dec 2022 15:48:10 +0800
[Message part 1 (text/plain, inline)]
On Mon, 05 Dec 2022 14:34:58 +0200
Eli Zaretskii <eliz <at> gnu.org> wrote:

> There's no reason to try detecting which characters are dangerous and
> which aren't.  We should instead quote all the file names that come
> from outside of the program, so that what's inside the quotes is
> interpreted verbatim.

Thanks, this is the new patch.

[0001-Fix-etags-local-command-injection-vulnerability.patch (text/x-patch, attachment)]
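
Added example, not part of the thread or of the attached patch: a minimal C sketch of the "quote everything" approach described in the quoted reply, for a command string handed to a POSIX shell. The helper name `shell_quote`, the command name `some-filter` and the sample file names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not etags code: return a malloc'd copy of NAME
   wrapped in single quotes for a POSIX shell.  Nothing is interpreted
   inside single quotes, so the only byte needing care is the single
   quote itself, emitted as '\'' (close, escaped quote, reopen).  */
char *
shell_quote (const char *name)
{
  size_t len = 2;                       /* opening and closing quote */
  for (const char *p = name; *p; p++)
    len += (*p == '\'') ? 4 : 1;

  char *out = malloc (len + 1);
  if (!out)
    return NULL;

  char *q = out;
  *q++ = '\'';
  for (const char *p = name; *p; p++)
    if (*p == '\'')
      {
        memcpy (q, "'\\''", 4);
        q += 4;
      }
    else
      *q++ = *p;
  *q++ = '\'';
  *q = '\0';
  return out;
}

int
main (void)
{
  /* Constructed sample names; the second and third contain shell syntax.  */
  const char *names[] = { "plain.c", "a b;c$(d).c", "it's.c" };
  for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
    {
      char *quoted = shell_quote (names[i]);
      if (!quoted)
        return 1;
      printf ("some-filter %s\n", quoted);  /* string a shell would receive */
      free (quoted);
    }
  return 0;
}
```

Because every name is quoted unconditionally, no list of "dangerous" characters has to be maintained; avoiding the shell altogether (for example with `execv` and an argument vector) removes the quoting step entirely.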

This bug report was last modified 2 years and 167 days ago.
