> dictl (unlike dict) does not handle apostrophe correctly:
> 
> % dictl "won't"
> /usr/bin/dictl: 1: eval: Syntax error: Unterminated quoted string
> 
> 
> This means arbitrary code execution if dictl is used in a script
> accepting untrusted data (but dictl is not suitable for such scripts
> anyway due to lack of "--" argument support):
> 
> % dictl -- "asdfasdf';echo qqq;beep;':"
> No definitions found for "asdfasdf"
> qqq

Fixed in upstream a bit differently.
http://dict.cvs.sourceforge.net/viewvc/dict/dictd1/dictl.in?r1=1.14&r2=1.15

Thanks a lot!

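The class of bug reported above, as an added example that is not part of the original message and is not dictl's actual source. It shows a hypothetical wrapper that builds an `eval` string from its argument, next to two ways of keeping the argument as data; `lookup`, `unsafe_wrap`, `sh_quote`, `safe_wrap` and `direct_wrap` are made-up names.

```shell
#!/bin/sh
# Added example: hypothetical wrapper, NOT dictl's actual source.

# Stand-in for the real lookup program: prints each argument in brackets.
lookup() {
    for _a in "$@"; do printf '[%s]' "$_a"; done
}

# Unsafe: the argument is pasted between single quotes inside an eval
# string, so an apostrophe in $1 ends the quoting and the rest is parsed
# as shell syntax.
unsafe_wrap() {
    eval "lookup '$1'"
}

# Quote one string for reuse in eval: wrap it in single quotes and turn
# every embedded ' into '\'' (close quote, escaped quote, reopen quote).
sh_quote() {
    _s=$1 _out=
    while :; do
        case $_s in
            *\'*) _head=${_s%%\'*}          # text before the first '
                  _out="$_out$_head'\\''"
                  _s=${_s#*\'} ;;           # text after the first '
            *)    break ;;
        esac
    done
    printf "'%s'" "$_out$_s"
}

# Safer: eval still runs, but the argument arrives as one quoted word.
safe_wrap() {
    eval "lookup $(sh_quote "$1")"
}

# Best: no eval at all; "$@" passes arguments through untouched.
direct_wrap() {
    lookup "$@"
}

# Constructed inputs modelled on the two strings in the report.
for _w in "won't" "asdfasdf';echo qqq;':"; do
    printf 'unsafe: '; ( unsafe_wrap "$_w" ) 2>&1 || true; echo
    printf 'safe:   '; safe_wrap "$_w"; echo
done
```

The unsafe call runs in a subshell because some shells abort the whole script on a syntax error inside `eval`.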