author | Ulrich Müller <ulm@gentoo.org> | 2023-02-26 21:00:06 +0100 |
---|---|---|
committer | Ulrich Müller <ulm@gentoo.org> | 2023-02-26 21:00:06 +0100 |
commit | dfe3b5140502207cf64dc11b33c30da958822937 (patch) | |
tree | cdc8675a44b6b2018047deb540f1960b1aed66a5 /emacs/28.2/06_all_ruby-mode.patch | |
parent | 28.3: Copy patchset from 28.2 (diff) | |
Fix multiple command injection vulnerabilities
(tags: emacs-28.2-patches-3, emacs-27.2-patches-6, emacs-26.3-patches-5, emacs-25.3-patches-5)
This fixes command injection vulnerabilities in etags (CVE-2022-48337),
ruby-mode (CVE-2022-48338), and htmlfontify (CVE-2022-48339) for Emacs
slots 25, 26, 27, and 28.
Note that Emacs 25 and 26 are not affected by the ruby-mode
vulnerability because function ruby-find-library-file did not yet
exist (and there is no call to the gem command in ruby-mode.el).
Emacs 18 is not affected by either of them: It doesn't have ruby-mode
and htmlfontify, and we no longer install the ctags and etags binaries.
Bug: https://bugs.gentoo.org/897950
Signed-off-by: Ulrich Müller <ulm@gentoo.org>
Diffstat (limited to 'emacs/28.2/06_all_ruby-mode.patch')
-rw-r--r-- | emacs/28.2/06_all_ruby-mode.patch | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/emacs/28.2/06_all_ruby-mode.patch b/emacs/28.2/06_all_ruby-mode.patch new file mode 100644 index 0000000..6b1b054 --- /dev/null +++ b/emacs/28.2/06_all_ruby-mode.patch @@ -0,0 +1,22 @@ +Fix ruby-mode.el local command injection vulnerability (CVE-2022-48338) +Patch from emacs-28 branch +https://bugs.gentoo.org/897950 +https://debbugs.gnu.org/60268 + +commit 22fb5ff5126dc8bb01edaa0252829d853afb284f +Author: Xi Lu <lx@shellcodes.org> +Date: Fri Dec 23 12:52:48 2022 +0800 + + Fix ruby-mode.el local command injection vulnerability (bug#60268) + +--- a/lisp/progmodes/ruby-mode.el ++++ b/lisp/progmodes/ruby-mode.el +@@ -1819,7 +1819,7 @@ + (setq feature-name (read-string "Feature name: " init)))) + (let ((out + (substring +- (shell-command-to-string (concat "gem which " feature-name)) ++ (shell-command-to-string (concat "gem which " (shell-quote-argument feature-name))) + 0 -1))) + (if (string-match-p "\\`ERROR" out) + (user-error "%s" out) |
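Review bot: On the added line in the ruby-mode.el hunk, `(shell-quote-argument feature-name)` keeps shell metacharacters in the feature name from being interpreted, but the command is still built as a string and handed to a shell by `shell-command-to-string`. Consider running gem with an argument vector instead (for example `process-lines` or `call-process` with "gem", "which" and feature-name as separate arguments), so that no shell parsing is involved at all. Two smaller points in the same hunk: quoting does not stop a feature name that begins with `-` from reaching gem as an option, and the unchanged `(substring ... 0 -1)` context assumes non-empty output, so it is worth confirming the behaviour when gem prints nothing.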