]> git.donarmstrong.com Git - lilypond.git/commit
projects / lilypond.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a1936b8) | patch
Fix argument injection in lilypond-invoke-editor, CVE-2017-17523.
authorDr. Tobias Quathamer <toddy@debian.org>
Sun, 28 Jan 2018 21:03:13 +0000 (22:03 +0100)
committerDr. Tobias Quathamer <toddy@debian.org>
Sun, 28 Jan 2018 21:03:13 +0000 (22:03 +0100)
commite6abfc43784eb926cb6b50863ccb24dfef8f98e5
tree91acb6ac14e4c2dc9da6a4b7a8d05e1c0a20f33dtree | snapshot
parenta1936b89236c17f1fa2abcb8f2f747d586073129commit | diff
Fix argument injection in lilypond-invoke-editor, CVE-2017-17523.

This is a cherry-pick of upstream's fix, see
https://sourceforge.net/p/testlilyissues/issues/5243/

Closes: #884136
debian/patches/Issue-5243-1-editor-scm-Add-shell-quote-argument-function.diff [new file with mode: 0644] blob
debian/patches/Issue-5243-2-Let-get-editor-use-shell-quote-argument.diff [new file with mode: 0644] blob
debian/patches/Issue-5243-3-More-conservative-parsing-of-textedit-URIs.diff [new file with mode: 0644] blob
debian/patches/series diff | blob | history
Debian packaging of lilypond