Fix CVE-2017-12836: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12836 https://security-tracker.debian.org/tracker/CVE-2017-12836 Patch adpated from Debian (comments and changelog annotations removed): https://anonscm.debian.org/cgit/collab-maint/cvs.git/commit/?h=stretch&id=41e077396e35efb6c879951f44c62dd8a1d0f094 From 41e077396e35efb6c879951f44c62dd8a1d0f094 Mon Sep 17 00:00:00 2001 From: mirabilos Date: Sat, 12 Aug 2017 03:17:18 +0200 Subject: Fix CVE-2017-12836 (Closes: #871810) for stretch --- debian/changelog | 6 ++++++ src/rsh-client.c | 10 ++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src/rsh-client.c b/src/rsh-client.c index fe0cfc4..1fc860d 100644 --- a/src/rsh-client.c +++ b/src/rsh-client.c @@ -105,6 +106,9 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p, rsh_argv[i++] = argvport; } + /* Only non-option arguments from here. (CVE-2017-12836) */ + rsh_argv[i++] = "--"; + rsh_argv[i++] = root->hostname; rsh_argv[i++] = cvs_server; if (readonlyfs) @@ -189,6 +193,8 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p, *p++ = argvport; } + *p++ = "--"; + *p++ = root->hostname; *p++ = command; *p++ = NULL; -- cgit v0.12 fcc39864dba82e14895afbe841091091366c96bc'>treecommitdiff
path: root/gnu/packages/fcitx.scm
AgeCommit message (Expand)Author
2021-01-31gnu: Add fcitx-qt5....* gnu/packages/fcitx.scm (fcitx-qt5): New variable. Signed-off-by: Leo Prikler <leo.prikler@student.tugraz.at> Raghav Gururajan
2020-09-22gnu: fcitx: Update to 4.2.9.8....* gnu/packages/fcitx.scm(fcitx): Update to 4.2.9.8. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Zhu Zihao
2020-08-18gnu: Add presage....* gnu/packages/fcitx.scm (presage): New variable. Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org> Raghav Gururajan