I'm reluctant to apply this patch for two reasons. 1) (compile-file) still does manual quoting on mingw32 (see the "crapshell" variable) and I'm not convinced this is correct with the quoting change in (qs). 2) The API docs for (qs) explicitly state that it escapes metacharacters with backslash on UNIX, so someone could be using it to do exactly that.
If someone can convince me these are both non-issues I'll definitely apply it. Jim On May 15, 2013, at 4:25 AM, Răzvan Rotaru <razvan.rot...@gmail.com> wrote: > Hi, > > I did a test with the latest chicken from the development repository and it's > working fine. Thanks. > > Can this fix be applied to the stability branch as well? > > Răzvan > > > > On 9 May 2013 18:09, Peter Bex <peter....@xs4all.nl> wrote: > On Tue, Apr 23, 2013 at 05:57:29PM +0300, Răzvan Rotaru wrote: > > I see that the fix is not yet included in the main branch. What's the right > > aproach here? Shall I record a bug for it? Can I make pull requests > > directly to the core repository? > > Sorry for the (very) late reply. > > Can you try out whether the fix for CVE-2013-2024 fixes it? > That's changeset 58684f69572453acc6fed7326fa9df39be98760e. > > Cheers, > Peter > -- > http://www.more-magic.net > > _______________________________________________ > Chicken-hackers mailing list > Chicken-hackers@nongnu.org > https://lists.nongnu.org/mailman/listinfo/chicken-hackers
_______________________________________________ Chicken-hackers mailing list Chicken-hackers@nongnu.org https://lists.nongnu.org/mailman/listinfo/chicken-hackers
