The fix for Red Eclipse has been committed as https://sourceforge.net/apps/trac/redeclipse/changeset/3764 .
I've prepared a DEP-3 patch (attached). I intend to add this patch to the current version of Red Eclipse in Debian. -- Martin Erik Werner <martinerikwer...@gmail.com>
From 52fdd35c3ffc1ce2e568180eac2da93e179fef2a Mon Sep 17 00:00:00 2001 From: eihrul <eihrul@2cd6abe5-5779-42d9-9038-cec04ae5ff40> Date: Sun, 22 Jul 2012 21:22:55 +0000 Subject: [PATCH] text command fix Comment: This patch fixes a file access security issue which could allow a remote attacker access local files by transmitting map script files. git-svn-id: https://redeclipse.svn.sourceforge.net/svnroot/redeclipse@3764 2cd6abe5-5779-42d9-9038-cec04ae5ff40 --- src/engine/textedit.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/src/engine/textedit.h +++ b/src/engine/textedit.h @@ -690,7 +690,7 @@ #define TEXTCOMMAND(f, s, d, body) ICOMMAND(0, f, s, d,\ editor *top = currentfocus();\ - if(!top) return;\ + if(!top || identflags&IDF_WORLD) return;\ body\ )
signature.asc
Description: This is a digitally signed message part
