Diffstat (limited to 'emacs/25.3/06_all_htmlfontify.patch')
-rw-r--r-- | emacs/25.3/06_all_htmlfontify.patch | 22 |
1 files changed, 0 insertions, 22 deletions
diff --git a/emacs/25.3/06_all_htmlfontify.patch b/emacs/25.3/06_all_htmlfontify.patch
deleted file mode 100644
index 6870c0b..0000000
--- a/emacs/25.3/06_all_htmlfontify.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Fix htmlfontify.el command injection vulnerability (CVE-2022-48339)
-Backported from emacs-28 branch
-https://bugs.gentoo.org/897950
-https://debbugs.gnu.org/60295
-
-commit 807d2d5b3a7cd1d0e3f7dd24de22770f54f5ae16
-Author: Xi Lu <lx@shellcodes.org>
-Date: Sat Dec 24 16:28:54 2022 +0800
-
- Fix htmlfontify.el command injection vulnerability.
-
---- emacs-25.3/lisp/htmlfontify.el
-+++ emacs-25.3/lisp/htmlfontify.el
-@@ -1898,7 +1898,7 @@
-
- (defun hfy-text-p (srcdir file)
- "Is SRCDIR/FILE text? Uses `hfy-istext-command' to determine this."
-- (let* ((cmd (format hfy-istext-command (expand-file-name file srcdir)))
-+ (let* ((cmd (format hfy-istext-command (shell-quote-argument (expand-file-name file srcdir))))
- (rsp (shell-command-to-string cmd)))
- (string-match "text" rsp)))
- |