Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:AndreasSchwab:emacs:30
emacs
CVE-2022-48339.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2022-48339.patch of Package emacs
From 807d2d5b3a7cd1d0e3f7dd24de22770f54f5ae16 Mon Sep 17 00:00:00 2001 From: Xi Lu <lx@shellcodes.org> Date: Sat, 24 Dec 2022 16:28:54 +0800 Subject: [PATCH] Fix htmlfontify.el command injection vulnerability. * lisp/htmlfontify.el (hfy-text-p): Fix command injection vulnerability. (Bug#60295) (cherry picked from commit 1b4dc4691c1f87fc970fbe568b43869a15ad0d4c) --- lisp/htmlfontify.el | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- lisp/htmlfontify.el +++ lisp/htmlfontify.el 2023-02-21 09:29:25.659392628 +0000 @@ -1912,7 +1912,7 @@ Hardly bombproof, but good enough in the (defun hfy-text-p (srcdir file) "Is SRCDIR/FILE text? Uses `hfy-istext-command' to determine this." - (let* ((cmd (format hfy-istext-command (expand-file-name file srcdir))) + (let* ((cmd (format hfy-istext-command (shell-quote-argument (expand-file-name file srcdir)))) (rsp (shell-command-to-string cmd))) (string-match "text" rsp)))
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor