File _patchinfo of Package patchinfo.2500

<patchinfo>
  <issue id="855340" tracker="bnc">CVE-2013-7069: ack: potential remote code execution via per-project .ackrc files</issue>
  <issue id="CVE-2013-7069" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>AndreasStieger</packager>
  <description>
- update to ack 2.12:
  fixes potential remote code execution via per-project .ackrc files
   [bnc#855340] [CVE-2013-7069]
  * prevents the --pager, --regex and --output options from being
    used from project-level ackrc files, preventing possible code
    execution when using ack through malicious files
  * --pager, --regex and --output options may still be used from
    the global /etc/ackrc, your own private ~/.ackrc, the ACK_OPTIONS
    environment variable, and of course from the command line.
  * Now ignores Eclipse .metadata directory.
- includes changes from 2.11_02:
  * upstream source mispackaging fix
- includes changes from 2.11_01
  * Fixed a race condition in t/file-permission.t that was causing
    failures if tests were run in parallel.
- includes changes from 2.10:
  * Add --perltest for *.t files
  * Added Matlab support
  * More compatibility fixes for Perl 5.8.8.
- includes changes from 2.08
  * ack now ignores CMake's build/cache directories by default
  * Add shebang matching for --lua files
  * Add documentation for --ackrc
  * Add Elixir filetype
  * Add --cathy option
  * Add some helpful debugging tips when an invalid option is found
  * Ignore PDF files by default, because Perl will detect them as text
  * Ignore .gif, .jpg, .jpeg and .png files.  They won't normally be
    selected, but this is an optimization so that ack doesn't have to
    open them to know
  * Ack's colorizing of output would get confused with multiple sets
    of parentheses
  * Ack would get confused when trying to colorize the output in
    DOS-format files
- includes changes from 2.05_01
  * We now ignore the node_modules directories created by npm
  * --pager without an argument implies --pager=$PAGER
  * --perl now recognizes Plack-style .psgi files
  * Added filetypes for CoffeeScript, JSON, LESS, and Sass.
  * Command-line options now override options set in ackrc files
  * ACK_PAGER and ACK_PAGER_COLOR now work as advertised.
  * Fix a bug resulting in uninitialized variable warnings when more
    than one capture group was specified in the search pattern
  * Make sure ack is happy to build and test under cron and other
    console-less environments.
- packaging changes:
  * run more tests with IO::Pty
  * refresh ack-ignore-osc.patch for upstream changes
  * update project URL
- port changes from devel:languages:perl ack by daxim@cpan.org:
  * correct metadata: licence, CPAN download, homepage
  * unset forced prefix - let Perl configuration and toolchain
    determine the prefix/install_base which will DTRT
  * bash completion is gone, remove dead code
- modified patches:
  * ack-ignore-osc.patch adjust for upstream source changes
</description>
  <summary>update for ack</summary>
</patchinfo>