vim/SOURCES/0001-patch-9.2.0479-security-runtime-tar-command-injecti.patch
2026-07-13 03:58:18 -04:00

38 lines
1.3 KiB
Diff

From 448ae03067c85a48c9c73517fb9f7046be3ed200 Mon Sep 17 00:00:00 2001
From: RHEL Packaging Agent <redhat-ymir-agent@redhat.com>
Date: Wed, 3 Jun 2026 10:56:51 +0000
Subject: [PATCH] patch 9.2.0479: [security]: runtime(tar): command injection
in tar plugin
Problem: [security]: runtime(tar): command injection in tar plugin
(Christopher Lusk)
Solution: Use the correct shellescape(args, 1) form for a :! command
Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-2fpv-9ff7-xg5w
Signed-off-by: Christian Brabandt <cb@256bit.org>
---
runtime/autoload/tar.vim | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/runtime/autoload/tar.vim b/runtime/autoload/tar.vim
index e320b9a..b60e94a 100644
--- a/runtime/autoload/tar.vim
+++ b/runtime/autoload/tar.vim
@@ -588,9 +588,9 @@ fun! tar#Vimuntar(...)
" if necessary, decompress the tarball; then, extract it
if tartail =~ '\.tgz'
if executable("gunzip")
- silent exe "!gunzip ".shellescape(tartail)
+ silent exe "!gunzip ".shellescape(tartail, 1)
elseif executable("gzip")
- silent exe "!gzip -d ".shellescape(tartail)
+ silent exe "!gzip -d ".shellescape(tartail, 1)
else
echoerr "unable to decompress<".tartail."> on this sytem"
if simplify(curdir) != simplify(tarhome)
--
2.52.0