mirror of
git://slackware.nl/current.git
synced 2025-01-10 05:25:51 +01:00
bfb7494122
a/bash-5.0.011-x86_64-1.txz: Upgraded. a/findutils-4.7.0-x86_64-1.txz: Upgraded. ap/squashfs-tools-4.4-x86_64-1.txz: Upgraded. n/irssi-1.2.2-x86_64-1.txz: Upgraded. This update fixes a security issue: Use after free when receiving duplicate CAP found by Joseph Bisch. For more information, see: https://irssi.org/security/html/irssi_sa_2019_08 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15717 (* Security fix *) x/libvdpau-1.3-x86_64-1.txz: Upgraded.
59 lines
1.8 KiB
Text
59 lines
1.8 KiB
Text
BASH PATCH REPORT
|
|
=================
|
|
|
|
Bash-Release: 5.0
|
|
Patch-ID: bash50-011
|
|
|
|
Bug-Reported-by: Matt Whitlock
|
|
Bug-Reference-ID:
|
|
Bug-Reference-URL: https://savannah.gnu.org/support/?109671
|
|
|
|
Bug-Description:
|
|
|
|
The conditional command did not perform appropriate quoted null character
|
|
removal on its arguments, causing syntax errors and attempts to stat
|
|
invalid pathnames.
|
|
|
|
Patch (apply with `patch -p0'):
|
|
|
|
*** ../bash-5.0-patched/subst.c 2018-12-22 17:43:37.000000000 -0500
|
|
--- subst.c 2019-04-14 13:25:41.000000000 -0400
|
|
***************
|
|
*** 3626,3630 ****
|
|
SPECIAL is 2, this is an rhs argument for the =~ operator, and should
|
|
be quoted appropriately for regcomp/regexec. The caller is responsible
|
|
! for removing the backslashes if the unquoted word is needed later. */
|
|
char *
|
|
cond_expand_word (w, special)
|
|
--- 3642,3648 ----
|
|
SPECIAL is 2, this is an rhs argument for the =~ operator, and should
|
|
be quoted appropriately for regcomp/regexec. The caller is responsible
|
|
! for removing the backslashes if the unquoted word is needed later. In
|
|
! any case, since we don't perform word splitting, we need to do quoted
|
|
! null character removal. */
|
|
char *
|
|
cond_expand_word (w, special)
|
|
***************
|
|
*** 3647,3650 ****
|
|
--- 3665,3670 ----
|
|
if (special == 0) /* LHS */
|
|
{
|
|
+ if (l->word)
|
|
+ word_list_remove_quoted_nulls (l);
|
|
dequote_list (l);
|
|
r = string_list (l);
|
|
*** ../bash-5.0/patchlevel.h 2016-06-22 14:51:03.000000000 -0400
|
|
--- patchlevel.h 2016-10-01 11:01:28.000000000 -0400
|
|
***************
|
|
*** 26,30 ****
|
|
looks for to find the patch level (for the sccs version string). */
|
|
|
|
! #define PATCHLEVEL 10
|
|
|
|
#endif /* _PATCHLEVEL_H_ */
|
|
--- 26,30 ----
|
|
looks for to find the patch level (for the sccs version string). */
|
|
|
|
! #define PATCHLEVEL 11
|
|
|
|
#endif /* _PATCHLEVEL_H_ */
|