Security fix: avoid arbitrary code execution with 'm4 -F'.

* src/freeze.c (produce_frozen_state): Never pass raw file name as printf format. * NEWS: Document this fix. Signed-off-by: Eric Blake <ebb9@byu.net>
author: Eric Blake <ebb9@byu.net> 2007-11-22 07:34:32 -0700
committer: Eric Blake <ebb9@byu.net> 2007-11-22 07:34:32 -0700
commit: 031a71a80442ed2ad3c2ee14d5811c786a12c51b (patch)
tree: c69fc113ab62b594c5ab8a96c1a69cc7ca8a42b1 /NEWS
parent: ed2e087c61541a94a3af378fe963cd1ae271d935 (diff)
download: m4-031a71a80442ed2ad3c2ee14d5811c786a12c51b.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index d988adf3..17625719 100644
--- a/NEWS
+++ b/NEWS
@@ -4,8 +4,9 @@ Foundation, Inc.
 
 Version 1.4.11 - ?? ??? 2007, by ????  (git version 1.4.10a-*)
 
-* Fix core dump in 'm4 -F file -t undefined', present since -F was
-  introduced in 1.3.
+* Security fixes for the -F option, for bugs present since -F was
+  introduced in 1.3: Avoid core dump with 'm4 -F file -t undefined', and
+  avoid arbitrary code execution with certain file names.
 * Fix regression introduced in 1.4.9b in the `divert' builtin when more
   than 512 kibibytes are saved in diversions on platforms like NetBSD where
   fopen(name,"a+") seeks to the end of the file.
author	Eric Blake <ebb9@byu.net>	2007-11-22 07:34:32 -0700
committer	Eric Blake <ebb9@byu.net>	2007-11-22 07:34:32 -0700
commit	031a71a80442ed2ad3c2ee14d5811c786a12c51b (patch)
tree	c69fc113ab62b594c5ab8a96c1a69cc7ca8a42b1 /NEWS
parent	ed2e087c61541a94a3af378fe963cd1ae271d935 (diff)
download	m4-031a71a80442ed2ad3c2ee14d5811c786a12c51b.tar.gz