Diffstat (limited to 'kde-plasma/plasma-workspace/files/plasma-workspace-5.11.5-CVE-2018-6791.patch')
-rw-r--r-- | kde-plasma/plasma-workspace/files/plasma-workspace-5.11.5-CVE-2018-6791.patch | 31 |
1 files changed, 0 insertions, 31 deletions
diff --git a/kde-plasma/plasma-workspace/files/plasma-workspace-5.11.5-CVE-2018-6791.patch b/kde-plasma/plasma-workspace/files/plasma-workspace-5.11.5-CVE-2018-6791.patch
deleted file mode 100644
index 621687c59d24..000000000000
--- a/kde-plasma/plasma-workspace/files/plasma-workspace-5.11.5-CVE-2018-6791.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From f32002ce50edc3891f1fa41173132c820b917d57 Mon Sep 17 00:00:00 2001
-From: Marco Martin <notmart@gmail.com>
-Date: Mon, 5 Feb 2018 13:12:51 +0100
-Subject: [PATCH] Make sure device paths are quoted
-
-in the case a vfat removable device has $() or `` in its label,
-such as $(touch foo) the quoted command may get executed,
-leaving an attack vector. Use KMacroExpander::expandMacrosShellQuote
-to make sure everything is quoted and not interpreted as a command
-
-BUG:389815
----
- soliduiserver/deviceserviceaction.cpp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/soliduiserver/deviceserviceaction.cpp b/soliduiserver/deviceserviceaction.cpp
-index f49c967a..738b27c8 100644
---- a/soliduiserver/deviceserviceaction.cpp
-+++ b/soliduiserver/deviceserviceaction.cpp
-@@ -158,7 +158,7 @@ void DelayedExecutor::delayedExecute(const QString &udi)
-
- QString exec = m_service.exec();
- MacroExpander mx(device);
-- mx.expandMacros(exec);
-+ mx.expandMacrosShellQuote(exec);
-
- KRun::runCommand(exec, QString(), m_service.icon(), 0);
- deleteLater();
---
-2.13.6
- |