aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorUlrich Müller <ulm@gentoo.org>2023-02-26 21:00:06 +0100
committerUlrich Müller <ulm@gentoo.org>2023-02-26 21:00:06 +0100
commitdfe3b5140502207cf64dc11b33c30da958822937 (patch)
treecdc8675a44b6b2018047deb540f1960b1aed66a5 /emacs/28.2/06_all_ruby-mode.patch
parent28.3: Copy patchset from 28.2 (diff)
downloademacs-patches-dfe3b5140502207cf64dc11b33c30da958822937.tar.gz
emacs-patches-dfe3b5140502207cf64dc11b33c30da958822937.tar.bz2
emacs-patches-dfe3b5140502207cf64dc11b33c30da958822937.zip
This fixes command injection vulnerabilities in etags (CVE-2022-48337), ruby-mode (CVE-2022-48338), and htmlfontify (CVE-2022-48339) for Emacs slots 25, 26, 27, and 28. Note that Emacs 25 and 26 are not affected by the ruby-mode vulnerability because function ruby-find-library-file did not yet exist (and there is no call to the gem command in ruby-mode.el). Emacs 18 is not affected by either of them: It doesn't have ruby-mode and htmlfontify, and we no longer install the ctags and etags binaries. Bug: https://bugs.gentoo.org/897950 Signed-off-by: Ulrich Müller <ulm@gentoo.org>
Diffstat (limited to 'emacs/28.2/06_all_ruby-mode.patch')
-rw-r--r--emacs/28.2/06_all_ruby-mode.patch22
1 files changed, 22 insertions, 0 deletions
diff --git a/emacs/28.2/06_all_ruby-mode.patch b/emacs/28.2/06_all_ruby-mode.patch
new file mode 100644
index 0000000..6b1b054
--- /dev/null
+++ b/emacs/28.2/06_all_ruby-mode.patch
@@ -0,0 +1,22 @@
+Fix ruby-mode.el local command injection vulnerability (CVE-2022-48338)
+Patch from emacs-28 branch
+https://bugs.gentoo.org/897950
+https://debbugs.gnu.org/60268
+
+commit 22fb5ff5126dc8bb01edaa0252829d853afb284f
+Author: Xi Lu <lx@shellcodes.org>
+Date: Fri Dec 23 12:52:48 2022 +0800
+
+ Fix ruby-mode.el local command injection vulnerability (bug#60268)
+
+--- a/lisp/progmodes/ruby-mode.el
++++ b/lisp/progmodes/ruby-mode.el
+@@ -1819,7 +1819,7 @@
+ (setq feature-name (read-string "Feature name: " init))))
+ (let ((out
+ (substring
+- (shell-command-to-string (concat "gem which " feature-name))
++ (shell-command-to-string (concat "gem which " (shell-quote-argument feature-name)))
+ 0 -1)))
+ (if (string-match-p "\\`ERROR" out)
+ (user-error "%s" out)