[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] Fix ob-latex.el command injection vulnerability.
|
From: |
lux |
|
Subject: |
Re: [PATCH] Fix ob-latex.el command injection vulnerability. |
|
Date: |
Sat, 11 Mar 2023 18:57:55 +0800 |
|
User-agent: |
Evolution 3.46.4 (3.46.4-1.fc37) |
On Sat, 2023-03-11 at 10:47 +0000, Ihor Radchenko wrote:
>
> I am afraid that we cannot make things universally safe here without
> breaking changes. The best way will be treating :cmd and similar
> header
> args as unsafe and include them into the planned safety prompt system
> we
> discussed in https://orgmode.org/list/87edsd5o89.fsf@localhost
>
Ok, I'll undo this part of the changes first, and repost patch.
0001-lisp-ob-latex.el-Fix-command-injection-vulnerability.patch
Description: Text Data
- Re: [PATCH] Fix ob-latex.el command injection vulnerability., (continued)
Re: [PATCH] Fix ob-latex.el command injection vulnerability., Max Nikulin, 2023/03/07
- Re: [PATCH] Fix ob-latex.el command injection vulnerability., lux, 2023/03/07
- Re: [PATCH] Fix ob-latex.el command injection vulnerability., lux, 2023/03/08
- Re: [PATCH] Fix ob-latex.el command injection vulnerability., Ihor Radchenko, 2023/03/09
- Re: [PATCH] Fix ob-latex.el command injection vulnerability., Max Nikulin, 2023/03/09
- Re: [PATCH] Fix ob-latex.el command injection vulnerability., lux, 2023/03/11
- Re: [PATCH] Fix ob-latex.el command injection vulnerability., Ihor Radchenko, 2023/03/11
- Re: [PATCH] Fix ob-latex.el command injection vulnerability.,
lux <=
- Re: [PATCH] Fix ob-latex.el command injection vulnerability., Ihor Radchenko, 2023/03/12