git: patch - Fix shell injection vulnerability
Matthew Dillon
dillon at crater.dragonflybsd.org
Fri Aug 14 20:30:58 PDT 2015
commit e4bdac6bd0bece3ae6b3233ad260e8e82d21ba76
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date: Fri Aug 14 20:29:32 2015 -0700
patch - Fix shell injection vulnerability
* Fix shell injection vulnerability in patch(1) via ed(1) by
tightening sanity check of the input. [1]
* While I'm there also replace ed(1) with red(1) because we do
not need the unrestricted functionality.
Obtained from: Bitrig [1], and discussions w/ FreeBSD
Security: CVE-2015-1418 [1]
Summary of changes:
usr.bin/patch/pathnames.h | 2 +-
usr.bin/patch/pch.c | 16 ++++++++++++++--
2 files changed, 15 insertions(+), 3 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/e4bdac6bd0bece3ae6b3233ad260e8e82d21ba76
--
DragonFly BSD source repository
More information about the Commits
mailing list