From 66637b10eb336130aa8e6cfcaf8ce2e68b0b9500 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 17 Sep 2015 16:17:55 +0000 Subject: Fix arbitrary code execution vulnerability MFH: 2015Q3 Security: CVE-2015-0854 Security: d45ad7ae-5d56-11e5-9ad8-14dae9d210b8 --- deskutils/shutter/Makefile | 2 +- deskutils/shutter/files/patch-CVE-2015-0854 | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 deskutils/shutter/files/patch-CVE-2015-0854 (limited to 'deskutils/shutter') diff --git a/deskutils/shutter/Makefile b/deskutils/shutter/Makefile index 16b2844c58f1..82bf7c5f1932 100644 --- a/deskutils/shutter/Makefile +++ b/deskutils/shutter/Makefile @@ -3,7 +3,7 @@ PORTNAME= shutter PORTVERSION= 0.93.1 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= deskutils MASTER_SITES= http://shutter-project.org/wp-content/uploads/releases/tars/ diff --git a/deskutils/shutter/files/patch-CVE-2015-0854 b/deskutils/shutter/files/patch-CVE-2015-0854 new file mode 100644 index 000000000000..58e82b0a88ff --- /dev/null +++ b/deskutils/shutter/files/patch-CVE-2015-0854 @@ -0,0 +1,12 @@ +--- share/shutter/resources/modules/Shutter/App/HelperFunctions.pm.orig 2015-09-17 16:09:58 UTC ++++ share/shutter/resources/modules/Shutter/App/HelperFunctions.pm +@@ -53,7 +53,8 @@ sub new { + + sub xdg_open { + my ( $self, $dialog, $link, $user_data ) = @_; +- system("xdg-open $link"); ++ @args = ("xdg-open", "$link"); ++ system(@args); + if($?){ + my $response = $self->{_dialogs}->dlg_error_message( + sprintf( $self->{_d}->get("Error while executing %s."), "'xdg-open'"), -- cgit v1.2.3