From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: "lux" Newsgroups: gmane.emacs.bugs Subject: bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability Date: Fri, 25 Nov 2022 16:38:02 +0800 Message-ID: References: <837czkw7sl.fsf@gnu.org> <8335a8w643.fsf@gnu.org> Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_63807EEA_109BAFA0_367BF812" Content-Transfer-Encoding: 8Bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="7764"; mail-complaints-to="usenet@ciao.gmane.io" Cc: 59544 <59544@debbugs.gnu.org>, Eli Zaretskii To: "Stefan Kangas" Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Fri Nov 25 09:39:16 2022 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1oyUEt-0001s8-I0 for geb-bug-gnu-emacs@m.gmane-mx.org; Fri, 25 Nov 2022 09:39:15 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oyUEi-0001n4-2P; Fri, 25 Nov 2022 03:39:04 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oyUEh-0001mu-31 for bug-gnu-emacs@gnu.org; Fri, 25 Nov 2022 03:39:03 -0500 Original-Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oyUEg-0008Vt-PY for bug-gnu-emacs@gnu.org; Fri, 25 Nov 2022 03:39:02 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1oyUEg-00086g-ME for bug-gnu-emacs@gnu.org; Fri, 25 Nov 2022 03:39:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: "lux" Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 25 Nov 2022 08:39:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 59544 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: security patch Original-Received: via spool by 59544-submit@debbugs.gnu.org id=B59544.166936550031099 (code B ref 59544); Fri, 25 Nov 2022 08:39:02 +0000 Original-Received: (at 59544) by debbugs.gnu.org; 25 Nov 2022 08:38:20 +0000 Original-Received: from localhost ([127.0.0.1]:33439 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oyUE0-00085X-61 for submit@debbugs.gnu.org; Fri, 25 Nov 2022 03:38:20 -0500 Original-Received: from out203-205-251-27.mail.qq.com ([203.205.251.27]:60797) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oyUDt-00084y-Lf for 59544@debbugs.gnu.org; Fri, 25 Nov 2022 03:38:14 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qq.com; s=s201512; t=1669365483; bh=o8CnDAl2vPKY2LB4FvE2HoMmQ1SdFc01btGkE9dUjgU=; h=In-Reply-To:References:From:To:Cc:Subject:Date; b=mPvrJeM+tMcXoYxizNz+jEytgKQQA+4iyHKZYTfCKMj9x+pYvlNauOAOfKy4+S8GA uTFsp3wH0SRMsFnn+cmLlOP9S0E5T/T9CKN2Q181v6yYFdVIdft2ttxSxSi1880NCi 2F8D/DEk2IK84W1bE+Yja9eiBzP9luabt8f8uvpI= X-QQ-FEAT: oHWrrGTW1dAz+QFKvuUnj/W0ULeT1nZf X-QQ-SSF: 00000000000000F0000000000000 X-QQ-XMAILINFO: Ne0uTFVbb6Dyd58F7J6wZ7DIPvBC25mO2SNNlyWGM/ASY7eNdDqmXX900naRV4 LffmCfho/erHPrWHTj3G/3diQU0c9E/D3xiVvyHPXLWkySKlTHOw68sXTAyFKiw743LpBpBYzfXIc DIXxl3lbKlmORbvlsGsKoCndtWbwaSkHvIetdaAy4+bX1o9+KYrNGDx0BtwoWbLF17wLQBVgGNNpk 5+uN6jlXUvBkfRrnr/My5HJ7aIm267PEkz9mRC8hk1xSQx2Sw0OCfVFqT0xryeXR1mNXJaFN2JMcA VKa8z9YWImDrvG9WAsffJ3TC7CPpZB5kPfoig8qqvw1lXtjSj8Pv81c23IacMYYNkHhyllgcG4lzW Fftmzpzpx4mL9AppzXL2ZCioAs2nxWQz8PlZm2JfFe814dDHEaNVfDDnASN8zF1uqKbLXcM//b1xZ MpmJdHHZYQ7SfUFZdZdkRNq0kFBWTd+E5iv2+KfvWWCi3MK1fgUr9DTGp6qONO6cqg+CXE5JJgjwP 0ADjMuHtIkijCqnP1h8T7jUI7QqfqH1/tOXHW10m4wBKWAr3Wm8VVQTPbAxJv4/mV1DSuJORrXl3Y dpeq+NZomsMUnySZQBCePyKT/EbIxWSSH83LJB2S+26uhwXP0wgxZyjmrA5xJ9zabQT0HYkIDoY9n Tg9tQaNAgUmpGhuxBqXH0PbpnldcShOU9m9LnI52OXJOQ9V1f6IJuK1hrb9cRVGTbL9zZmIw6qyFa l59JFb2V79L9pypRQMUGzJnq+zsUrblNuppM+uC4nXG5ltpH0KPAzBnUSYWNWdJYCjXTKCcIRQ8Nq tM37d5Pc36bguj8qaLqeBtr8ThWVVt X-HAS-ATTACH: no X-QQ-BUSINESS-ORIGIN: 2 X-Originating-IP: 1.14.122.99 In-Reply-To: X-QQ-mid: webmail543t1669365482t980638 X-Priority: 3 X-QQ-MIME: TCMime 1.0 by Tencent X-Mailer: QQMail 2.x X-QQ-Mailer: QQMail 2.x X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.bugs:248979 Archived-At: This is a multi-part message in MIME format. ------=_NextPart_63807EEA_109BAFA0_367BF812 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: base64 LS0tLS0tLS0tLS0tLS0tLS0tJm5ic3A7T3JpZ2luYWwmbmJzcDstLS0tLS0tLS0tLS0tLS0t LS0NCkZyb206ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIlN0ZWZhbiBLYW5nYXMiICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgPHN0ZWZhbmthbmdhc0BnbWFpbC5jb20mZ3Q7Ow0KRGF0ZTombmJzcDtG cmksIE5vdiAyNSwgMjAyMiAwMzo1MyBQTQ0KVG86Jm5ic3A7Imx1eCI8bHhAc2hlbGxjb2Rl cy5vcmcmZ3Q7Ow0KQ2M6Jm5ic3A7IkVsaSBaYXJldHNraWkiPGVsaXpAZ251Lm9yZyZndDs7 IjU5NTQ0Ijw1OTU0NEBkZWJidWdzLmdudS5vcmcmZ3Q7Ow0KU3ViamVjdDombmJzcDtSZTog YnVnIzU5NTQ0OiBbUEFUQ0hdIEZpeGVkIGxpYi1zcmMvZXRhZ3MuYyBjb21tYW5kIGV4ZWN1 dGUgdnVsbmVyYWJpbGl0eQ0KDQoNCg0KImx1eCIgPGx4QHNoZWxsY29kZXMub3JnJmd0OyB3 cml0ZXM6DQoNCiZndDsgSSByZXdyb3RlIHRoaXMgY29kZSwgbm90IHVzZSBzeXN0ZW0oMSku DQoNClRoYW5rcy4NCg0KJmd0OyBGcm9tIGQ2YmM3MWY4NjQwZWZlN2NhYTI2NTdhNzVjNWFh NGQ4YjRmMDUzMmMgTW9uIFNlcCAxNyAwMDowMDowMCAyMDAxDQomZ3Q7IEZyb206IGx1NG54 IDxseEBzaGVsbGNvZGVzLm9yZyZndDsNCiZndDsgRGF0ZTogRnJpLCAyNSBOb3YgMjAyMiAx NDozODoyOSArMDgwMA0KJmd0OyBTdWJqZWN0OiBbUEFUQ0hdICogRml4ZWQgbGliLXNyYy9l dGFncy5jIGNvbW1hbmQgZXhlY3V0ZSB2dWxuZXJhYmlsaXR5DQomZ3Q7DQomZ3Q7IC0tLQ0K Jmd0OyZuYnNwOyBsaWItc3JjL2V0YWdzLmMgfCA0NCArKysrKysrKysrKysrKysrKysrKysr KysrKysrKysrLS0tLS0tLS0tLS0tLQ0KJmd0OyZuYnNwOyAxIGZpbGUgY2hhbmdlZCwgMzEg aW5zZXJ0aW9ucygrKSwgMTMgZGVsZXRpb25zKC0pDQomZ3Q7DQomZ3Q7IGRpZmYgLS1naXQg YS9saWItc3JjL2V0YWdzLmMgYi9saWItc3JjL2V0YWdzLmMNCiZndDsgaW5kZXggZjY2NWYz NWZhNi4uMWJiMzUyZjU2NSAxMDA2NDQNCiZndDsgLS0tIGEvbGliLXNyYy9ldGFncy5jDQom Z3Q7ICsrKyBiL2xpYi1zcmMvZXRhZ3MuYw0KJmd0OyBAQCAtMTM4Nyw5ICsxMzg3LDExIEBA IG1haW4gKGludCBhcmdjLCBjaGFyICoqYXJndikNCiZndDsmbmJzcDsmbmJzcDsmbmJzcDsg LyogRnJvbSBoZXJlIG9uLCB3ZSBhcmUgaW4gKENUQUdTICZhbXA7JmFtcDsgIWN4cmVmX3N0 eWxlKSAqLw0KJmd0OyZuYnNwOyZuYnNwOyZuYnNwOyBpZiAodXBkYXRlKQ0KJmd0OyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyB7DQomZ3Q7IC0mbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsgY2hhciAqY21kID0NCiZndDsgLQl4bWFsbG9jIChzdHJsZW4gKHRhZ2Zp bGUpICsgd2hhdGxlbl9tYXggKw0KJmd0OyAtCQkgc2l6ZW9mICJtdi4uT1RBR1M7Z3JlcCAt RnYgJ1x0XHQnIE9UQUdTICZndDs7cm0gT1RBR1MiKTsNCiZndDsgKyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyBGSUxFICpvdGFnc19mLCAqdGFnX2Y7DQomZ3Q7ICsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgaW50IGJ1Zl9sZW47DQomZ3Q7ICsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsgY2hhciAqYnVmOw0KJmd0OyArJm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7IGNoYXIgbGluZVs1MTJdOw0KDQomZ3Q7IEhtbSwgSSdtIG5vdCBz dXJlIGFib3V0IHRoZSBoYXJkLWNvZGVkIDUxMiBjaGFyYWN0ZXIgbGluZSBsaW1pdCBoZXJl Lg0KJmd0OyBJU1RSIHRoYXQgc29tZSBwZW9wbGUgdXNlIG11Y2ggbG9uZ2VyIGxpbmVzIHRo YW4gdGhhdC4NCg0KSGksIGRvIHlvdSBoYXZlIGFueSBzdWdnZXN0aW9ucz8gQXQgcHJlc2Vu dCwgSSB0aGluayBoYXJkY29kaW5nIDUxMiBpcyBlbm91Z2gsIHRoYW5rcyA6LSk= ------=_NextPart_63807EEA_109BAFA0_367BF812 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: base64 PG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNo YXJzZXQ9R0IxODAzMCI+PGRpdj48YnI+PC9kaXY+PGRpdiBzdHlsZT0icG9zaXRpb246IHJl bGF0aXZlOyI+PGRpdj48YnI+PC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdiBzdHlsZT0iZm9u dC1zaXplOiAxMnB4O2ZvbnQtZmFtaWx5OiBBcmlhbCBOYXJyb3c7cGFkZGluZzoycHggMCAy cHggMDsiPi0tLS0tLS0tLS0tLS0tLS0tLSZuYnNwO09yaWdpbmFsJm5ic3A7LS0tLS0tLS0t LS0tLS0tLS0tPC9kaXY+PGRpdiBzdHlsZT0iZm9udC1zaXplOiAxMnB4O2JhY2tncm91bmQ6 I2VmZWZlZjtwYWRkaW5nOjhweDsiPjxkaXY+PGI+RnJvbTo8L2I+ICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIlN0 ZWZhbiBLYW5nYXMiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJmx0O3N0ZWZhbmth bmdhc0BnbWFpbC5jb20mZ3Q7OzwvZGl2PjxkaXY+PGI+RGF0ZTo8L2I+Jm5ic3A7RnJpLCBO b3YgMjUsIDIwMjIgMDM6NTMgUE08L2Rpdj48ZGl2PjxiPlRvOjwvYj4mbmJzcDsibHV4IiZs dDtseEBzaGVsbGNvZGVzLm9yZyZndDs7PHdicj48L2Rpdj48ZGl2PjxiPkNjOjwvYj4mbmJz cDsiRWxpIFphcmV0c2tpaSImbHQ7ZWxpekBnbnUub3JnJmd0OzsiNTk1NDQiJmx0OzU5NTQ0 QGRlYmJ1Z3MuZ251Lm9yZyZndDs7PHdicj48L2Rpdj48ZGl2PjxiPlN1YmplY3Q6PC9iPiZu YnNwO1JlOiBidWcjNTk1NDQ6IFtQQVRDSF0gRml4ZWQgbGliLXNyYy9ldGFncy5jIGNvbW1h bmQgZXhlY3V0ZSB2dWxuZXJhYmlsaXR5PC9kaXY+PC9kaXY+PGRpdj48YnI+PC9kaXY+Imx1 eCIgJmx0O2x4QHNoZWxsY29kZXMub3JnJmd0OyB3cml0ZXM6PGJyPjxicj4mZ3Q7IEkgcmV3 cm90ZSB0aGlzIGNvZGUsIG5vdCB1c2Ugc3lzdGVtKDEpLjxicj48YnI+VGhhbmtzLjxicj48 YnI+Jmd0OyBGcm9tIGQ2YmM3MWY4NjQwZWZlN2NhYTI2NTdhNzVjNWFhNGQ4YjRmMDUzMmMg TW9uIFNlcCAxNyAwMDowMDowMCAyMDAxPGJyPiZndDsgRnJvbTogbHU0bnggJmx0O2x4QHNo ZWxsY29kZXMub3JnJmd0Ozxicj4mZ3Q7IERhdGU6IEZyaSwgMjUgTm92IDIwMjIgMTQ6Mzg6 MjkgKzA4MDA8YnI+Jmd0OyBTdWJqZWN0OiBbUEFUQ0hdICogRml4ZWQgbGliLXNyYy9ldGFn cy5jIGNvbW1hbmQgZXhlY3V0ZSB2dWxuZXJhYmlsaXR5PGJyPiZndDs8YnI+Jmd0OyAtLS08 YnI+Jmd0OyZuYnNwOyBsaWItc3JjL2V0YWdzLmMgfCA0NCArKysrKysrKysrKysrKysrKysr KysrKysrKysrKysrLS0tLS0tLS0tLS0tLTxicj4mZ3Q7Jm5ic3A7IDEgZmlsZSBjaGFuZ2Vk LCAzMSBpbnNlcnRpb25zKCspLCAxMyBkZWxldGlvbnMoLSk8YnI+Jmd0Ozxicj4mZ3Q7IGRp ZmYgLS1naXQgYS9saWItc3JjL2V0YWdzLmMgYi9saWItc3JjL2V0YWdzLmM8YnI+Jmd0OyBp bmRleCBmNjY1ZjM1ZmE2Li4xYmIzNTJmNTY1IDEwMDY0NDxicj4mZ3Q7IC0tLSBhL2xpYi1z cmMvZXRhZ3MuYzxicj4mZ3Q7ICsrKyBiL2xpYi1zcmMvZXRhZ3MuYzxicj4mZ3Q7IEBAIC0x Mzg3LDkgKzEzODcsMTEgQEAgbWFpbiAoaW50IGFyZ2MsIGNoYXIgKiphcmd2KTxicj4mZ3Q7 Jm5ic3A7Jm5ic3A7Jm5ic3A7IC8qIEZyb20gaGVyZSBvbiwgd2UgYXJlIGluIChDVEFHUyAm YW1wOyZhbXA7ICFjeHJlZl9zdHlsZSkgKi88YnI+Jmd0OyZuYnNwOyZuYnNwOyZuYnNwOyBp ZiAodXBkYXRlKTxicj4mZ3Q7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IHs8YnI+ Jmd0OyAtJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IGNoYXIgKmNtZCA9PGJyPiZn dDsgLQl4bWFsbG9jIChzdHJsZW4gKHRhZ2ZpbGUpICsgd2hhdGxlbl9tYXggKzxicj4mZ3Q7 IC0JCSBzaXplb2YgIm12Li5PVEFHUztncmVwIC1GdiAnXHRcdCcgT1RBR1MgJmd0OztybSBP VEFHUyIpOzxicj4mZ3Q7ICsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgRklMRSAq b3RhZ3NfZiwgKnRhZ19mOzxicj4mZ3Q7ICsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsgaW50IGJ1Zl9sZW47PGJyPiZndDsgKyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyBjaGFyICpidWY7PGJyPiZndDsgKyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBj aGFyIGxpbmVbNTEyXTs8YnI+PGJyPiZndDsgSG1tLCBJJ20gbm90IHN1cmUgYWJvdXQgdGhl IGhhcmQtY29kZWQgNTEyIGNoYXJhY3RlciBsaW5lIGxpbWl0IGhlcmUuPGJyPiZndDsgSVNU UiB0aGF0IHNvbWUgcGVvcGxlIHVzZSBtdWNoIGxvbmdlciBsaW5lcyB0aGFuIHRoYXQuPGJy Pjxicj5IaSwgZG8geW91IGhhdmUgYW55IHN1Z2dlc3Rpb25zPyBBdCBwcmVzZW50LCBJIHRo aW5rIGhhcmRjb2RpbmcgNTEyIGlzIGVub3VnaCwgdGhhbmtzIDotKTwvZGl2Pg== ------=_NextPart_63807EEA_109BAFA0_367BF812--