> dictl (unlike dict) does not handle apostrophe correctly: > > % dictl "won't" > /usr/bin/dictl: 1: eval: Syntax error: Unterminated quoted string > > > This means arbitrary code execution if dictl is used in a script > accepting untrusted data (but dictl is not suitable for such scripts > anyway due to lack of "--" argument support): > > % dictl -- "asdfasdf';echo qqq;beep;':" > No definitions found for "asdfasdf" > qqq
Fixed in upstream a bit differently. http://dict.cvs.sourceforge.net/viewvc/dict/dictd1/dictl.in?r1=1.14&r2=1.15 Thanks a lot! -- Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

