git: DragonFly_RELEASE_4_2 patch - Fix shell injection vulnerability
Matthew Dillon
dillon at crater.dragonflybsd.org
Fri Aug 14 20:31:39 PDT 2015
commit c4c851315d327b28f126d16bca30e3e30effc533
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date: Fri Aug 14 20:29:32 2015 -0700
patch - Fix shell injection vulnerability
* Fix shell injection vulnerability in patch(1) via ed(1) by
tightening sanity check of the input. [1]
* While I'm there also replace ed(1) with red(1) because we do
not need the unrestricted functionality.
Obtained from: Bitrig [1], and discussions w/ FreeBSD
Security: CVE-2015-1418 [1]
Summary of changes:
usr.bin/patch/pathnames.h | 2 +-
usr.bin/patch/pch.c | 16 ++++++++++++++--
2 files changed, 15 insertions(+), 3 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/c4c851315d327b28f126d16bca30e3e30effc533
--
DragonFly BSD source repository
More information about the Commits
mailing list