Max Nikulin <maniku...@gmail.com> writes: >> And we do not need to do anything about it, right? > > I posted the links as a reminder that shell commands should be avoided > when possible (and it does not break TRAMP) and arguments should be > escaped otherwise.
But this patch literally fixed the problem. What else should we do? > I suppose, the issue has been received too much attention already: > > - https://security-tracker.debian.org/tracker/CVE-2023-28617 > - https://ubuntu.com/security/notices/USN-6003-1 > - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2023-28617 These appear to be different issues. If you think that any of them remains unaddressed, patches welcome. -- Ihor Radchenko // yantar92, Org mode contributor, Learn more about Org mode at <https://orgmode.org/>. Support Org development at <https://liberapay.com/org-mode>, or support my work at <https://liberapay.com/yantar92>
