Max Nikulin writes:
>> But this patch literally fixed the problem. What else should we do?
>
> Do you really think that it was the last unsafe shell command in the Org
> code?
No, but I prefer concrete examples. The CVE you linked to refers to
an already fixed bug.
> https://git.savannah.gnu.o
On 02/05/2023 18:21, Ihor Radchenko wrote:
> Max Nikulin writes:
>> I posted the links as a reminder that shell commands should be avoided
>> when possible (and it does not break TRAMP) and arguments should be
>> escaped otherwise.
> But this patch literally fixed the problem. What else should we do?
Do
Max Nikulin writes:
>> And we do not need to do anything about it, right?
>
> I posted the links as a reminder that shell commands should be avoided
> when possible (and it does not break TRAMP) and arguments should be
> escaped otherwise.
But this patch literally fixed the problem. What else
On 01/05/2023 18:18, Ihor Radchenko wrote:
> Max Nikulin writes:
>> I just have noticed that it is tracked as a CVE record:
>> https://www.cve.org/CVERecord?id=CVE-2023-28617
>> https://nvd.nist.gov/vuln/detail/CVE-2023-28617
> And we do not need to do anything about it, right?
I posted the links as a