svn commit: r397124 - in head/deskutils/shutter: . files
Mark Felder
feld at FreeBSD.org
Thu Sep 17 16:17:57 UTC 2015
Author: feld
Date: Thu Sep 17 16:17:55 2015
New Revision: 397124
URL: https://svnweb.freebsd.org/changeset/ports/397124
Log:
Fix arbitrary code execution vulnerability
MFH: 2015Q3
Security: CVE-2015-0854
Security: d45ad7ae-5d56-11e5-9ad8-14dae9d210b8
Added:
head/deskutils/shutter/files/
head/deskutils/shutter/files/patch-CVE-2015-0854 (contents, props changed)
Modified:
head/deskutils/shutter/Makefile
Modified: head/deskutils/shutter/Makefile
==============================================================================
--- head/deskutils/shutter/Makefile Thu Sep 17 16:16:12 2015 (r397123)
+++ head/deskutils/shutter/Makefile Thu Sep 17 16:17:55 2015 (r397124)
@@ -3,7 +3,7 @@
PORTNAME= shutter
PORTVERSION= 0.93.1
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= deskutils
MASTER_SITES= http://shutter-project.org/wp-content/uploads/releases/tars/
Added: head/deskutils/shutter/files/patch-CVE-2015-0854
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/deskutils/shutter/files/patch-CVE-2015-0854 Thu Sep 17 16:17:55 2015 (r397124)
@@ -0,0 +1,12 @@
+--- share/shutter/resources/modules/Shutter/App/HelperFunctions.pm.orig 2015-09-17 16:09:58 UTC
++++ share/shutter/resources/modules/Shutter/App/HelperFunctions.pm
+@@ -53,7 +53,8 @@ sub new {
+
+ sub xdg_open {
+ my ( $self, $dialog, $link, $user_data ) = @_;
+- system("xdg-open $link");
++ @args = ("xdg-open", "$link");
++ system(@args);
+ if($?){
+ my $response = $self->{_dialogs}->dlg_error_message(
+ sprintf( $self->{_d}->get("Error while executing %s."), "'xdg-open'"),
More information about the svn-ports-head
mailing list