GNU Patch has now committed a patch that's supposed to disable the ed-command-injection, but it's not disabling ed patches. I'm not entirely sure how all that works (no idea about ed), I think some people should review if that all makes sense http://git.savannah.gnu.org/cgit/patch.git/commit/?id=123eaff0d5d1aebe128295959435b9ca5909c26d …
I'm wrong, I misunderstood how it worked. They were already trying to whitelist commands, the bug was that they thought they were in insert mode, but with invalid range ed didn't enter insert mode so data was interpreted as commands. Now ed just quits if range invalid. Seems OK.
6:09 PM - 6 Apr 2018
0 replies
2 retweets
12 likes