44 lines
1.4 KiB
Diff
44 lines
1.4 KiB
Diff
|
From 4bd30419c5f404f2a108c5a6bbda0e40551ffd24 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Rex Dieter <rdieter@math.unl.edu>
|
||
|
|
Date: Tue, 6 Jan 2015 17:39:05 -0600
|
||
|
|
Subject: [PATCH 3/3] xdg-open: command injection vulnerability (BR66670)
|
||
|
|
|
||
|
|
---
|
||
|
|
ChangeLog | 3 +++
|
||
|
|
scripts/xdg-open.in | 4 ++--
|
||
|
|
2 files changed, 5 insertions(+), 2 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/ChangeLog b/ChangeLog
|
||
|
|
index 735fee7..65df80c 100644
|
||
|
|
--- a/ChangeLog
|
||
|
|
+++ b/ChangeLog
|
||
|
|
@@ -1,5 +1,8 @@
|
||
|
|
=== xdg-utils 1.1.x ===
|
||
|
|
|
||
|
|
+2015-01-06 Rex Dieter <rdieter@fedoraproject.org>
|
||
|
|
+ * xdg-open: command injection vulnerability (BR66670)
|
||
|
|
+
|
||
|
|
2015-01-04 Rex Dieter <rdieter@fedoraproject.org>
|
||
|
|
* xdg-screensaver should control X11's screensaver in xfce as fallback (BR80089)
|
||
|
|
|
||
|
|
diff --git a/scripts/xdg-open.in b/scripts/xdg-open.in
|
||
|
|
index c12dcdd..b6045f8 100644
|
||
|
|
--- a/scripts/xdg-open.in
|
||
|
|
+++ b/scripts/xdg-open.in
|
||
|
|
@@ -193,10 +193,10 @@ search_desktop_file()
|
||
|
|
if [ -x "$command_exec" ] ; then
|
||
|
|
if echo "$arguments" | grep -iq '%[fFuU]' ; then
|
||
|
|
echo START "$command_exec" "$arguments_exec"
|
||
|
|
- eval "$command_exec" "$arguments_exec"
|
||
|
|
+ eval "'$command_exec'" "'$arguments_exec'"
|
||
|
|
else
|
||
|
|
echo START "$command_exec" "$arguments_exec" "$arg"
|
||
|
|
- eval "$command_exec" "$arguments_exec" "$arg"
|
||
|
|
+ eval "'$command_exec'" "'$arguments_exec'" "'$arg'"
|
||
|
|
fi
|
||
|
|
|
||
|
|
if [ $? -eq 0 ]; then
|
||
|
|
--
|
||
|
|
2.1.0
|
||
|
|
|