[bug-patch] ed scripts allow arbitrary code execution

Hello. From responses to the 'beep' bug it was noticed that GNU patch files can result in arbitrary code execution via 'ed'. [1] Included is a patch that removes that dangerous feature. From 3f47f3052dfdc79d4fd9dca8db27a7a80227fd40 Mon Sep

[bug-patch] ed scripts allow arbitrary code execution

Hello. I see that my patch [1] was overlooked and then [2] was written the next day. It introduces at least 2 new code executions vulnerabilities relating to filenames containing $(..). I would recommend you avoid executing /bin/sh. [1]