--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/python/pygments/patches/CVE-2015-8557.patch Tue Jan 19 14:00:51 2016 -0800
@@ -0,0 +1,24 @@
+This patch is pulled from upstream; once we pull in 2.1 or newer, it will
+no longer be necessary.
+
+--- Pygments-1.6/pygments/formatters/img.py Tue Jan 12 15:06:52 2016
++++ Pygments-1.6/pygments/formatters/img.py Tue Jan 12 15:08:24 2016
+@@ -9,6 +9,7 @@
+ :license: BSD, see LICENSE for details.
+ """
+
++import shlex
+ import sys
+
+ from pygments.formatter import Formatter
+@@ -73,8 +74,8 @@
+
+ def _get_nix_font_path(self, name, style):
+ from commands import getstatusoutput
+- exit, out = getstatusoutput('fc-list "%s:style=%s" file' %
+- (name, style))
++ exit, out = getstatusoutput('fc-list %s file' %
++ shlex.quote("%s:style=%s" % (name, style)))
+ if not exit:
+ lines = out.splitlines()
+ if lines: