On Thu, Jan 24, 2019 at 02:34:35PM +0000, Colin Watson wrote:
> The "<>" operator is implemented using the two-argument form of "open",
> which interprets magic such as pipe characters, allowing execution of
> arbitrary commands which is unlikely to be expected.  Perl >= 5.22 has a
> "<<>>" operator which avoids this, but also forbids the use of "-" to
> mean the standard input, which is a facility that the affected groff
> programs document.
[...]

Has anyone had a chance to review this patch (also in
https://savannah.gnu.org/bugs/?55557, after Deri's suggestion)?  Should
I just go ahead and commit it?

I'm going to upload this patch to Debian unstable shortly in the cause
of getting release-critical bug fixes in ahead of our upcoming full
freeze, but it would be better to get it into upstream as well.

Thanks,

-- 
Colin Watson                                       [cjwat...@debian.org]
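
The pattern the quoted description points to, as an added example that is neither the patch under discussion nor groff's own code: walk the argument list with three-argument open, so a name is only ever treated as a path, and handle "-" explicitly so it still means standard input. The helper name `for_each_input_line` is hypothetical.

```perl
#!/usr/bin/perl
# Added example (not groff's code): read every file named on the command
# line without letting "<>" hand the names to two-argument open.
use strict;
use warnings;

# Hypothetical helper: calls $callback->($line, $name) for each input line.
sub for_each_input_line {
    my ($callback, @names) = @_;

    # No arguments: read standard input, as "<>" does.
    @names = ('-') unless @names;

    for my $name (@names) {
        my $fh;
        if ($name eq '-') {
            # Keep the documented "-" convention for standard input.
            $fh = \*STDIN;
        } elsif (!open($fh, '<', $name)) {
            # Three-argument open: $name is a literal path, so pipe
            # characters and mode prefixes in it are not interpreted.
            warn "$0: can't open '$name': $!\n";
            next;
        }

        while (my $line = <$fh>) {
            $callback->($line, $name);
        }

        close($fh) unless $name eq '-';
    }
    return;
}

# Usage: copy all named inputs to standard output. A name ending in "|"
# is looked up as a file of that name (and reported if it does not exist)
# instead of being run as a command.
for_each_input_line(sub { print $_[0] }, @ARGV);
```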
