Diffstat (limited to 'emacs-ruby-mode-local-command-injection-vulnerability.patch')
-rw-r--r--emacs-ruby-mode-local-command-injection-vulnerability.patch28
1 files changed, 28 insertions, 0 deletions
diff --git a/emacs-ruby-mode-local-command-injection-vulnerability.patch b/emacs-ruby-mode-local-command-injection-vulnerability.patch
new file mode 100644
index 0000000..38c219d
--- /dev/null
+++ b/emacs-ruby-mode-local-command-injection-vulnerability.patch
@@ -0,0 +1,28 @@
+From 9a3b08061feea14d6f37685ca1ab8801758bfd1c Mon Sep 17 00:00:00 2001
+From: Xi Lu <lx@shellcodes.org>
+Date: Fri, 23 Dec 2022 12:52:48 +0800
+Subject: [PATCH] Fix ruby-mode.el local command injection vulnerability
+ (bug#60268)
+
+* lisp/progmodes/ruby-mode.el
+(ruby-find-library-file): Fix local command injection vulnerability.
+---
+ lisp/progmodes/ruby-mode.el | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lisp/progmodes/ruby-mode.el b/lisp/progmodes/ruby-mode.el
+index 1f3e9b6ae7b..a4aa61905e4 100644
+--- a/lisp/progmodes/ruby-mode.el
++++ b/lisp/progmodes/ruby-mode.el
+@@ -1820,7 +1820,7 @@ ruby-find-library-file
+ (setq feature-name (read-string "Feature name: " init))))
+ (let ((out
+ (substring
+- (shell-command-to-string (concat "gem which " feature-name))
++ (shell-command-to-string (concat "gem which " (shell-quote-argument feature-name)))
+ 0 -1)))
+ (if (string-match-p "\\`ERROR" out)
+ (user-error "%s" out)
+--
+2.36.1
+
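Review bot: The quoting added on the embedded patch's `+` line closes the injection through `feature-name`, but the call still hands a composed command line to `shell-command-to-string`, so the fix only holds as long as `shell-quote-argument` produces quoting that the user's configured `shell-file-name` interprets the same way; running the gem binary without a shell removes that dependency, e.g. `(with-output-to-string (call-process "gem" nil standard-output nil "which" feature-name))` in place of the `shell-command-to-string` form, keeping the surrounding `(substring ... 0 -1)`. The embedded hunk's context and changed lines carry no leading indentation although the corresponding Emacs Lisp in ruby-mode.el is indented; if that is the added file's real content rather than this page's rendering, `patch` will apply it only with whitespace-insensitive matching, which is worth checking before the package build relies on it. The `ruby-find-library-file` definition begins and ends outside the embedded hunk.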