22364960 problem in PYTHON-MOD/PYGMENTS
authorDanek Duvall <danek.duvall@oracle.com>
Tue, 19 Jan 2016 14:00:51 -0800
changeset 5295 5c98bff030f2
parent 5293 bb35a9811599
child 5297 e9b84fd24a41
22364960 problem in PYTHON-MOD/PYGMENTS
components/python/pygments/patches/CVE-2015-8557.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/python/pygments/patches/CVE-2015-8557.patch	Tue Jan 19 14:00:51 2016 -0800
@@ -0,0 +1,24 @@
+This patch is pulled from upstream; once we pull in 2.1 or newer, it will
+no longer be necessary.
+
+--- Pygments-1.6/pygments/formatters/img.py	Tue Jan 12 15:06:52 2016
++++ Pygments-1.6/pygments/formatters/img.py	Tue Jan 12 15:08:24 2016
[email protected]@ -9,6 +9,7 @@
+     :license: BSD, see LICENSE for details.
+ """
+ 
++import shlex
+ import sys
+ 
+ from pygments.formatter import Formatter
[email protected]@ -73,8 +74,8 @@
+ 
+     def _get_nix_font_path(self, name, style):
+         from commands import getstatusoutput
+-        exit, out = getstatusoutput('fc-list "%s:style=%s" file' %
+-                                    (name, style))
++        exit, out = getstatusoutput('fc-list %s file' %
++                                    shlex.quote("%s:style=%s" % (name, style)))
+         if not exit:
+             lines = out.splitlines()
+             if lines:
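Review bot: `shlex.quote` in the rewritten `getstatusoutput` call exists only on Python 3.3 and later, while the `from commands import getstatusoutput` two lines above it is a Python 2-only import. If this Pygments 1.6 component is built for Python 2, `_get_nix_font_path` would raise `AttributeError` on its first call instead of looking up the font. The quoting is still applied, so the injection stays closed, but image formatting breaks. A version-tolerant form would import `quote` from `shlex` and fall back to `from pipes import quote` on `ImportError`, then call `quote("%s:style=%s" % (name, style))`. It would also help to add a short comment above the call noting that `name` and `style` come from formatter options and must never reach the shell unquoted. The body of `_get_nix_font_path` continues past the end of this hunk, so the handling of `out` was not reviewed.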