(parent: 320ab83)
Org Mode vulnerability CVE-2023-28617 is fixed (2/2)
author Xi Lu <lx@shellcodes.org> Sat, 18 Feb 2023 10:03:28 +0000 (18:03 +0800)
committer Rob Browning <rlb@defaultvalue.org> Fri, 31 Mar 2023 18:21:11 +0000 (13:21 -0500)
https://security-tracker.debian.org/tracker/CVE-2023-28617
This upstream patch (2/2) has been incorporated to fix the problem:
Org Mode command injection vulnerability has been fixed (CVE-2023-28617)
* lisp/ob-latex.el (org-babel-execute:latex): Fix command injection vulnerability
Link: https://orgmode.org/list/tencent_5C4D5D0DEFDDBBFC66F855703927E60C7706@qq.com
TINYCHANGE
Origin: https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485
Bug-Debian: https://bugs.debian.org/1033342
lisp/org/ob-latex.el
diff --git
a/lisp/org/ob-latex.el
b/lisp/org/ob-latex.el
index 73139c836b8d6860d7714cb97747bb46de91789b..1c5df6fe85d1d89e07670f5db38022b075997729 100644
(file)
--- a/
lisp/org/ob-latex.el
+++ b/
lisp/org/ob-latex.el
@@
-167,7
+167,7
@@
This function is called by `org-babel-execute-src-block'."
tmp-pdf
(list org-babel-latex-pdf-svg-process)
extension err-msg log-buf)))
- (
shell-command (format "mv %s %s" img-out out-file)
))))
+ (
rename-file img-out out-file t
))))
((string-suffix-p ".tikz" out-file)
(when (file-exists-p out-file) (delete-file out-file))
(with-temp-file out-file
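Review bot: The added `rename-file img-out out-file t` line, at the end of the branch just before the `.tikz` case, carries no comment explaining why the shell is avoided, so a later cleanup could reintroduce `shell-command` with `format` and bring back the unquoted interpolation of img-out and out-file. A one-line comment stating that these file names must never be spliced into a shell string would help, along with a regression test that uses an out-file name containing shell metacharacters. Separately, the third argument `t` overwrites an existing out-file without prompting, which matches the old `mv`, but `rename-file` does not move the file into out-file when that names an existing directory without a trailing slash, as `mv` did; it is worth confirming no caller relied on that.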