diff options
author | Eric Blake <ebb9@byu.net> | 2007-11-22 07:34:32 -0700 |
---|---|---|
committer | Eric Blake <ebb9@byu.net> | 2007-11-22 07:34:32 -0700 |
commit | 031a71a80442ed2ad3c2ee14d5811c786a12c51b (patch) | |
tree | c69fc113ab62b594c5ab8a96c1a69cc7ca8a42b1 /NEWS | |
parent | ed2e087c61541a94a3af378fe963cd1ae271d935 (diff) | |
download | m4-031a71a80442ed2ad3c2ee14d5811c786a12c51b.tar.gz |
Security fix: avoid arbitrary code execution with 'm4 -F'.
* src/freeze.c (produce_frozen_state): Never pass raw file name as
printf format.
* NEWS: Document this fix.
Signed-off-by: Eric Blake <ebb9@byu.net>
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 5 |
1 files changed, 3 insertions, 2 deletions
@@ -4,8 +4,9 @@ Foundation, Inc. Version 1.4.11 - ?? ??? 2007, by ???? (git version 1.4.10a-*) -* Fix core dump in 'm4 -F file -t undefined', present since -F was - introduced in 1.3. +* Security fixes for the -F option, for bugs present since -F was + introduced in 1.3: Avoid core dump with 'm4 -F file -t undefined', and + avoid arbitrary code execution with certain file names. * Fix regression introduced in 1.4.9b in the `divert' builtin when more than 512 kibibytes are saved in diversions on platforms like NetBSD where fopen(name,"a+") seeks to the end of the file. |