automatic import of emacsopeneuler24.03_LTSopeneuler23.09

1 files changed, 28 insertions, 0 deletions

diff --git a/emacs-ruby-mode-local-command-injection-vulnerability.patch b/emacs-ruby-mode-local-command-injection-vulnerability.patch
new file mode 100644
index 0000000..38c219d
--- /dev/null
+++ b/emacs-ruby-mode-local-command-injection-vulnerability.patch
@@ -0,0 +1,28 @@
+From 9a3b08061feea14d6f37685ca1ab8801758bfd1c Mon Sep 17 00:00:00 2001
+From: Xi Lu <lx@shellcodes.org>
+Date: Fri, 23 Dec 2022 12:52:48 +0800
+Subject: [PATCH] Fix ruby-mode.el local command injection vulnerability
+ (bug#60268)
+
+* lisp/progmodes/ruby-mode.el
+(ruby-find-library-file): Fix local command injection vulnerability.
+---
+ lisp/progmodes/ruby-mode.el | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lisp/progmodes/ruby-mode.el b/lisp/progmodes/ruby-mode.el
+index 1f3e9b6ae7b..a4aa61905e4 100644
+--- a/lisp/progmodes/ruby-mode.el
++++ b/lisp/progmodes/ruby-mode.el
+@@ -1820,7 +1820,7 @@ ruby-find-library-file
+       (setq feature-name (read-string "Feature name: " init))))
+   (let ((out
+          (substring
+-          (shell-command-to-string (concat "gem which " feature-name))
++          (shell-command-to-string (concat "gem which " (shell-quote-argument feature-name)))
+           0 -1)))
+     (if (string-match-p "\\`ERROR" out)
+         (user-error "%s" out)
+-- 
+2.36.1
+