File newsbeuter-2.9-CVE-2017-12904.patch of Package newsbeuter

diff -urEbwB newsbeuter-2.9/src/controller.cpp newsbeuter-2.9.new/src/controller.cpp
--- newsbeuter-2.9/src/controller.cpp	2015-02-19 11:56:59.000000000 +0100
+++ newsbeuter-2.9.new/src/controller.cpp	2018-01-18 11:49:48.479317816 +0100
@@ -1275,9 +1275,11 @@
 	std::string bookmark_cmd = cfg.get_configvalue("bookmark-cmd");
 	bool is_interactive = cfg.get_configvalue_as_bool("bookmark-interactive");
 	if (bookmark_cmd.length() > 0) {
-		std::string cmdline = utils::strprintf("%s '%s' %s %s",
-		                                       bookmark_cmd.c_str(), utils::replace_all(url,"'", "%27").c_str(),
-		                                       stfl::quote(title).c_str(), stfl::quote(description).c_str());
+		std::string cmdline = utils::strprintf("%s '%s' '%s' '%s'",
+												bookmark_cmd.c_str(),
+												utils::replace_all(url,"'", "%27").c_str(),
+												utils::replace_all(title,"'", "%27").c_str(),
+												utils::replace_all(description,"'", "%27").c_str());
 
 		LOG(LOG_DEBUG, "controller::bookmark: cmd = %s", cmdline.c_str());
 
openSUSE Build Service is sponsored by