git: DragonFly_RELEASE_4_2 patch - Fix shell injection vulnerability

Matthew Dillon dillon at crater.dragonflybsd.org
Fri Aug 14 20:31:39 PDT 2015


commit c4c851315d327b28f126d16bca30e3e30effc533
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Fri Aug 14 20:29:32 2015 -0700

    patch - Fix shell injection vulnerability
    
    * Fix shell injection vulnerability in patch(1) via ed(1) by
      tightening sanity check of the input. [1]
    
    * While I'm there also replace ed(1) with red(1) because we do
      not need the unrestricted functionality.
    
    Obtained from: Bitrig [1], and discussions w/ FreeBSD
    Security: CVE-2015-1418 [1]

Summary of changes:
 usr.bin/patch/pathnames.h |  2 +-
 usr.bin/patch/pch.c       | 16 ++++++++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/c4c851315d327b28f126d16bca30e3e30effc533


-- 
DragonFly BSD source repository
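
The commit message above describes tightening the sanity check that patch(1) applies to ed-style input before handing it to the editor. The C code below is an added example, not the code from this commit (whose diff is not shown on this page): it accepts a script only if every command line is exactly `N[,M]` followed by one allowlisted letter, and skips inserted text up to the lone `.` line. The function names and the allowlist (`a`, `c`, `d`, `i`) are assumptions made for the example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

/* Return the command letter if the line is exactly N[,M] followed by one of
 * a, c, d, i; otherwise 0. The allowlist is this example's assumption. */
static char ed_command_letter(const char *s, size_t len)
{
    size_t i = 0, start;
    bool pair = false;

    while (i < len && isdigit((unsigned char)s[i]))
        i++;
    if (i == 0)
        return 0;                      /* an address is mandatory */
    if (i < len && s[i] == ',') {
        start = ++i;
        while (i < len && isdigit((unsigned char)s[i]))
            i++;
        if (i == start)
            return 0;                  /* "N," with no second address */
        pair = true;
    }
    if (i + 1 != len)
        return 0;                      /* trailing bytes after the letter */
    /* c and d may take a range; a and i take a single address only. */
    bool ok = s[i] == 'c' || s[i] == 'd' ||
              (!pair && (s[i] == 'a' || s[i] == 'i'));
    return ok ? s[i] : 0;              /* any other letter is rejected */
}

/* Return 0 if every command line passes, else the 1-based number of the
 * first rejected line. Text after a/c/i is skipped up to the lone "." line. */
int ed_script_first_bad_line(const char *script)
{
    bool in_text = false;
    int lineno = 0;

    for (const char *p = script; *p != '\0'; ) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        lineno++;
        if (in_text)
            in_text = !(len == 1 && p[0] == '.');
        else if (ed_command_letter(p, len) == 0)
            return lineno;             /* not on the allowlist: refuse script */
        else
            in_text = (p[len - 1] != 'd');   /* d takes no text block */
        p += len + (nl ? 1 : 0);
    }
    return 0;
}
```

A caller would refuse to start the editor at all when the result is non-zero, rather than dropping the offending line and continuing.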


