|
From: | rain1 |
Subject: | [bug-patch] ed scripts allow arbitrary code execution |
Date: | Thu, 05 Apr 2018 20:18:05 +0100 |
User-agent: | Roundcube Webmail/1.3.3 |
Hello.From responses to the 'beep' bug it was noticed that GNU patch files can result in arbitrary code execution via 'ed'. [1] <http://rachelbythebay.com/w/2018/04/05/bangpatch/>
Included is a patch that removes that dangerous feature.
0001-Remove-the-ed-script-feature-for-security-reasons.-A.patch
Description: Text Data
[Prev in Thread] | Current Thread | [Next in Thread] |