Fix ruby-mode.el local command injection vulnerability
Resolves: #2175142
This commit is contained in:
parent
5d4251db80
commit
dacb373157
28
emacs-ruby-mode-local-command-injection-vulnerability.patch
Normal file
28
emacs-ruby-mode-local-command-injection-vulnerability.patch
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
From 9a3b08061feea14d6f37685ca1ab8801758bfd1c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Xi Lu <lx@shellcodes.org>
|
||||||
|
Date: Fri, 23 Dec 2022 12:52:48 +0800
|
||||||
|
Subject: [PATCH] Fix ruby-mode.el local command injection vulnerability
|
||||||
|
(bug#60268)
|
||||||
|
|
||||||
|
* lisp/progmodes/ruby-mode.el
|
||||||
|
(ruby-find-library-file): Fix local command injection vulnerability.
|
||||||
|
---
|
||||||
|
lisp/progmodes/ruby-mode.el | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/lisp/progmodes/ruby-mode.el b/lisp/progmodes/ruby-mode.el
|
||||||
|
index 1f3e9b6ae7b..a4aa61905e4 100644
|
||||||
|
--- a/lisp/progmodes/ruby-mode.el
|
||||||
|
+++ b/lisp/progmodes/ruby-mode.el
|
||||||
|
@@ -1820,7 +1820,7 @@ ruby-find-library-file
|
||||||
|
(setq feature-name (read-string "Feature name: " init))))
|
||||||
|
(let ((out
|
||||||
|
(substring
|
||||||
|
- (shell-command-to-string (concat "gem which " feature-name))
|
||||||
|
+ (shell-command-to-string (concat "gem which " (shell-quote-argument feature-name)))
|
||||||
|
0 -1)))
|
||||||
|
(if (string-match-p "\\`ERROR" out)
|
||||||
|
(user-error "%s" out)
|
||||||
|
--
|
||||||
|
2.36.1
|
||||||
|
|
@ -31,6 +31,7 @@ Patch4: emacs-ctags-local-command-execute-vulnerability.patch
|
|||||||
Patch5: emacs-64KB-page-size-for-pdump.patch
|
Patch5: emacs-64KB-page-size-for-pdump.patch
|
||||||
Patch6: emacs-etags-local-command-injection-vulnerability.patch
|
Patch6: emacs-etags-local-command-injection-vulnerability.patch
|
||||||
Patch7: emacs-htmlfontify-command-injection-vulnerability.patch
|
Patch7: emacs-htmlfontify-command-injection-vulnerability.patch
|
||||||
|
Patch8: emacs-ruby-mode-local-command-injection-vulnerability.patch
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: atk-devel
|
BuildRequires: atk-devel
|
||||||
BuildRequires: cairo-devel
|
BuildRequires: cairo-devel
|
||||||
@ -197,6 +198,7 @@ Development header files for Emacs.
|
|||||||
%patch5 -p1 -b .64KB-page-size-for-pdump
|
%patch5 -p1 -b .64KB-page-size-for-pdump
|
||||||
%patch6 -p1 -b .etags-local-command-injection-vulnerability
|
%patch6 -p1 -b .etags-local-command-injection-vulnerability
|
||||||
%patch7 -p1 -b .htmlfontify-command-injection-vulnerability
|
%patch7 -p1 -b .htmlfontify-command-injection-vulnerability
|
||||||
|
%patch8 -p1 -b .ruby-mode-local-command-injection-vulnerability
|
||||||
autoconf
|
autoconf
|
||||||
|
|
||||||
# We prefer our emacs.desktop file
|
# We prefer our emacs.desktop file
|
||||||
|
Loading…
Reference in New Issue
Block a user