blob: ddd1ce93f411ade1dabb7d8145656ea8cd4303fd (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
Fix CVE-2016-5118 (popen() shell vulnerability via filename).
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5118
Upstream patch copied from the bug announcement:
http://seclists.org/oss-sec/2016/q2/432
https://marc.info/?l=oss-security&m=146455222600609&w=2
diff -r 33200fc645f6 magick/blob.c
--- a/magick/blob.c Sat Nov 07 14:49:16 2015 -0600
+++ b/magick/blob.c Sun May 29 14:12:57 2016 -0500
@@ -68,6 +68,7 @@
*/
#define DefaultBlobQuantum 65541
+#undef HAVE_POPEN
/*
Enum declarations.
|