Bug 6236 (CVE-2022-48337-Anolis_OS_7) - [Anolis OS 7] Bugfix for CVE-2022-48337
Summary: [Anolis OS 7] Bugfix for CVE-2022-48337
Status: NEW
Alias: CVE-2022-48337-Anolis_OS_7
Product: Anolis OS 7
Classification: Anolis OS
Component: BaseOS Packages (show other bugs) BaseOS Packages
Version: 7.7
Hardware: All Linux
: P1-Urgent S1-blocker
Target Milestone: ---
Assignee: 杨晓旋
QA Contact: 杨晓旋
URL:
Whiteboard:
Keywords: CVE
Depends on:
Blocks:
 
Reported: 2023-08-25 16:33 UTC by 小龙
Modified: 2023-08-25 16:33 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description 小龙 admin 2023-08-25 16:33:02 UTC
Description:
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.

Broken commit info:


Bugfix commit info:
https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c