Fix ruby-mode.el local command injection vulnerability
Resolves: #2175142
This commit is contained in:
parent
5d4251db80
commit
dacb373157
28
emacs-ruby-mode-local-command-injection-vulnerability.patch
Normal file
28
emacs-ruby-mode-local-command-injection-vulnerability.patch
Normal file
@ -0,0 +1,28 @@
|
||||
From 9a3b08061feea14d6f37685ca1ab8801758bfd1c Mon Sep 17 00:00:00 2001
|
||||
From: Xi Lu <lx@shellcodes.org>
|
||||
Date: Fri, 23 Dec 2022 12:52:48 +0800
|
||||
Subject: [PATCH] Fix ruby-mode.el local command injection vulnerability
|
||||
(bug#60268)
|
||||
|
||||
* lisp/progmodes/ruby-mode.el
|
||||
(ruby-find-library-file): Fix local command injection vulnerability.
|
||||
---
|
||||
lisp/progmodes/ruby-mode.el | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lisp/progmodes/ruby-mode.el b/lisp/progmodes/ruby-mode.el
|
||||
index 1f3e9b6ae7b..a4aa61905e4 100644
|
||||
--- a/lisp/progmodes/ruby-mode.el
|
||||
+++ b/lisp/progmodes/ruby-mode.el
|
||||
@@ -1820,7 +1820,7 @@ ruby-find-library-file
|
||||
(setq feature-name (read-string "Feature name: " init))))
|
||||
(let ((out
|
||||
(substring
|
||||
- (shell-command-to-string (concat "gem which " feature-name))
|
||||
+ (shell-command-to-string (concat "gem which " (shell-quote-argument feature-name)))
|
||||
0 -1)))
|
||||
(if (string-match-p "\\`ERROR" out)
|
||||
(user-error "%s" out)
|
||||
--
|
||||
2.36.1
|
||||
|
@ -31,6 +31,7 @@ Patch4: emacs-ctags-local-command-execute-vulnerability.patch
|
||||
Patch5: emacs-64KB-page-size-for-pdump.patch
|
||||
Patch6: emacs-etags-local-command-injection-vulnerability.patch
|
||||
Patch7: emacs-htmlfontify-command-injection-vulnerability.patch
|
||||
Patch8: emacs-ruby-mode-local-command-injection-vulnerability.patch
|
||||
BuildRequires: gcc
|
||||
BuildRequires: atk-devel
|
||||
BuildRequires: cairo-devel
|
||||
@ -197,6 +198,7 @@ Development header files for Emacs.
|
||||
%patch5 -p1 -b .64KB-page-size-for-pdump
|
||||
%patch6 -p1 -b .etags-local-command-injection-vulnerability
|
||||
%patch7 -p1 -b .htmlfontify-command-injection-vulnerability
|
||||
%patch8 -p1 -b .ruby-mode-local-command-injection-vulnerability
|
||||
autoconf
|
||||
|
||||
# We prefer our emacs.desktop file
|
||||
|
Loading…
Reference in New Issue
Block a user