GNU Patch has now committed a patch that's supposed to disable the ed-command-injection, but it's not disabling ed patches. I'm not entirely sure how all that works (no idea about ed), I think some people should review if that all makes sense http://git.savannah.gnu.org/cgit/patch.git/commit/?id=123eaff0d5d1aebe128295959435b9ca5909c26d …
I'm wrong, I misunderstood how it worked. They were already trying to whitelist commands, the bug was that they thought they were in insert mode, but with invalid range ed didn't enter insert mode so data was interpreted as commands. Now ed just quits if range invalid. Seems OK.
But I'm sure it broke the PoC!