[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Fix ob-latex.el command injection vulnerability.

From: lux
Subject: Re: [PATCH] Fix ob-latex.el command injection vulnerability.
Date: Sat, 11 Mar 2023 18:57:55 +0800
User-agent: Evolution 3.46.4 (3.46.4-1.fc37)

On Sat, 2023-03-11 at 10:47 +0000, Ihor Radchenko wrote:
> I am afraid that we cannot make things universally safe here without
> breaking changes. The best way will be treating :cmd and similar
> header
> args as unsafe and include them into the planned safety prompt system
> we
> discussed in https://orgmode.org/list/87edsd5o89.fsf@localhost

Ok, I'll undo this part of the changes first, and repost patch.

Attachment: 0001-lisp-ob-latex.el-Fix-command-injection-vulnerability.patch
Description: Text Data

reply via email to

[Prev in Thread] Current Thread [Next in Thread]