On 01/05/2023 18:18, Ihor Radchenko wrote:
> Max Nikulin writes:
>> I just have noticed that it is tracked as a CVE record:
>> https://www.cve.org/CVERecord?id=CVE-2023-28617
>> https://nvd.nist.gov/vuln/detail/CVE-2023-28617
>
> And we do not need to do anything about it, right?

I posted the links as a reminder that shell commands should be avoided
when possible (and it does not break TRAMP) and arguments should be
escaped otherwise.
I suppose the issue has received too much attention already:
- https://security-tracker.debian.org/tracker/CVE-2023-28617
- https://ubuntu.com/security/notices/USN-6003-1
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2023-28617
etc.
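
Added example, not part of the original message and not code from Org mode: a sketch of the advice above in Emacs Lisp, first running a program with no shell via `process-file` (which follows `default-directory`, so TRAMP keeps working), then escaping with `shell-quote-argument` when a shell is needed. All `demo-` names and the sample file name are hypothetical and constructed for illustration.

```emacs-lisp
;;; -*- lexical-binding: t; -*-
;; Added illustration, not Org code.  All `demo-' names are hypothetical.
(require 'subr-x)

(defconst demo-odd-name "notes; echo injected.txt"
  "Constructed sample: a file name containing shell metacharacters.")

(defun demo-local-name (file)
  "Return FILE as the (possibly remote) host sees it."
  (file-local-name (expand-file-name file)))

(defun demo-count-no-shell (file)
  "Run wc on FILE without a shell.
`process-file' passes each argument as its own argv entry, so nothing
in FILE is parsed as shell syntax.  It runs on the host named by
`default-directory', which keeps TRAMP working."
  (with-temp-buffer
    (let ((status (process-file "wc" nil t nil
                                "-c" "--" (demo-local-name file))))
      (unless (eql status 0)
        (error "wc exited with status %s" status))
      (string-trim (buffer-string)))))

(defun demo-count-via-shell (file)
  "Run wc on FILE through a shell, as needed for a pipe.
Every interpolated value goes through `shell-quote-argument'."
  (with-temp-buffer
    (process-file-shell-command
     (format "wc -c -- %s | tr -s ' '"
             (shell-quote-argument (demo-local-name file)))
     nil t)
    (string-trim (buffer-string))))

(defun demo-run ()
  "Count the bytes of the constructed file both ways; return both outputs."
  (let* ((dir (file-name-as-directory (make-temp-file "demo-quote-" t)))
         (default-directory dir)
         (file (expand-file-name demo-odd-name dir)))
    (unwind-protect
        (progn
          (write-region "hello\n" nil file nil 'silent)
          (list (demo-count-no-shell file)
                (demo-count-via-shell file)))
      (delete-directory dir t))))
```

Evaluating `(demo-run)` on a POSIX system returns the `wc` output for the one constructed file from both functions; the text after the semicolon in the name is never run as a command.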