diff --git a/backport-0002-CVE-2022-48337.patch b/backport-0002-CVE-2022-48337.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a07e5c9db37fcc7309339c5578176167f7a955d6
--- /dev/null
+++ b/backport-0002-CVE-2022-48337.patch
@@ -0,0 +1,25 @@
+From ab998b90206733f2cd9b009dcdb8e5567834ed3b Mon Sep 17 00:00:00 2001
+From: Super User
+Date: Mon, 25 Sep 2023 14:32:05 +0800
+Subject: [PATCH] backport 0002 CVE-2022-48337
+
+---
+ lib-src/etags.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib-src/etags.c b/lib-src/etags.c
+index 5d0eed2..5399008 100644
+--- a/lib-src/etags.c
++++ b/lib-src/etags.c
+@@ -1680,6 +1680,8 @@ process_file_name (char *file, language *lang)
+ int buf_len = strlen (compr->command) + strlen (" > ") + strlen (new_real_name) + strlen (new_tmp_name) + 1;
+ char *cmd = xmalloc (buf_len);
+ snprintf (cmd, buf_len, "%s %s > %s", compr->command, new_real_name, new_tmp_name);
++ free (new_real_name);
++ free (new_tmp_name);
+ #endif
+ int tmp_errno;
+ if (system (cmd) == -1)
+--
+2.41.0
+
diff --git a/emacs.spec b/emacs.spec
index 9cfb938e1595d3c89f2053893d16acee3b8edf17..3ab1f35b806e23179a92ec0ae0c4c36287f146fa 100644
--- a/emacs.spec
+++ b/emacs.spec
@@ -8,7 +8,7 @@
 Name: emacs
 Epoch: 1
 Version: 27.2
-Release: 10
+Release: 11
 Summary: An extensible GNU text editor
 License: GPLv3+ and CC0-1.0
 URL: http://www.gnu.org/software/emacs
@@ -30,6 +30,7 @@ Patch6005: backport-CVE-2022-48337.patch
 Patch6006: backport-CVE-2022-48338.patch
 Patch6007: backport-CVE-2022-48339.patch
 Patch6008: backport-CVE-2023-28617.patch
+Patch6009: backport-0002-CVE-2022-48337.patch
 Patch9000: emacs-deal-taboo-words.patch
 BuildRequires: gcc atk-devel cairo-devel freetype-devel fontconfig-devel dbus-devel giflib-devel
@@ -412,6 +413,9 @@ fi
 %{_mandir}/*/*
 %changelog
+* Mon Sep 25 2023 leeffo - 1:27.2-11
+- fix CVE-2022-48337
+
 * Fri Mar 24 2023 zhangpan - 1:27.2-10
 - fix CVE-2023-28617
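Review bot: The `buf_len` sum in the context lines of the etags.c hunk is one byte short for the format given to `snprintf`: `"%s %s > %s"` emits a space between the command and the first name that the sum never counts, so the last character of `new_tmp_name` is cut off before the string reaches `system ()`. The length should read `int buf_len = strlen (compr->command) + strlen (" ") + strlen (new_real_name) + strlen (" > ") + strlen (new_tmp_name) + 1;`, and the `snprintf` return value should be compared with `buf_len` so that a truncated command is never executed. If the two names are shell-quoted by the earlier CVE-2022-48337 backport (not visible on this page), the dropped character would presumably be the closing quote of the redirect target, which is worth confirming against the patched source. `process_file_name` starts and ends outside the hunk, so whether `cmd` itself is freed after the `system ()` call cannot be checked from here.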