On Monday 29 October 2007 23:02, Eduard Bloch wrote: > Yes, yes, but that's more complicated. I just tried to rewrite this > script in "good Perl" and it's a lot more work to do it right. > > Security team: please consider using the attached patch. It is a quick > fix which uses libstring-shellquote-perl on @ARGV instead of the stupid > doublequote protection before.
I see from the bug log that the suggested patch turned out to be not sufficient. Do you as the maintainer have a suggestion for an updated patch to fix the issue in stable? thanks, Thijs
pgpDTFHyVtiJe.pgp
Description: PGP signature
