Diffstat (limited to 'net-news/newsbeuter/files/newsbeuter-2.9-security-fix.patch')
-rw-r--r--net-news/newsbeuter/files/newsbeuter-2.9-security-fix.patch20
1 files changed, 0 insertions, 20 deletions
diff --git a/net-news/newsbeuter/files/newsbeuter-2.9-security-fix.patch b/net-news/newsbeuter/files/newsbeuter-2.9-security-fix.patch
deleted file mode 100644
index 5e7b39a5f20f..000000000000
--- a/net-news/newsbeuter/files/newsbeuter-2.9-security-fix.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Newsbeuter didn't properly shell-escape the arguments passed to bookmarking
-command, which allows a remote attacker to perform remote code execution by
-crafting an RSS item whose title and/or URL contain something interpretable by
-the shell (most notably subshell invocations.)
-
---- a/src/controller.cpp
-+++ b/src/controller.cpp
-@@ -1275,9 +1275,10 @@ std::string controller::bookmark(const std::string& url, const std::string& titl
- std::string bookmark_cmd = cfg.get_configvalue("bookmark-cmd");
- bool is_interactive = cfg.get_configvalue_as_bool("bookmark-interactive");
- if (bookmark_cmd.length() > 0) {
-- std::string cmdline = utils::strprintf("%s '%s' %s %s",
-+ std::string cmdline = utils::strprintf("%s '%s' '%s' '%s'",
- bookmark_cmd.c_str(), utils::replace_all(url,"'", "%27").c_str(),
-- stfl::quote(title).c_str(), stfl::quote(description).c_str());
-+ utils::replace_all(title,"'", "%27").c_str(),
-+ utils::replace_all(description,"'", "%27").c_str());
-
- LOG(LOG_DEBUG, "controller::bookmark: cmd = %s", cmdline.c_str());
-