pkgsrc/textproc/miller
fcambus fb8e09aa9f miller: update to 5.9.1.
ChangeLog:

Security update: disallow --prepipe in .mlrrc

As of Miller 5.9.0, you can have a .mlrrc file containing preferred flags.

As reported in #363, it would be possible for someone to prepare a repository
or some other zipfile/tarfile, for example, containing datasets, and send it
to you. They could have a line of the form prepipe do_something_bad; cat in
that repository, so when you ran any mlr commands in there, it would run the
do_something_bad command (whatever that might be).

The fix is (a) disallow prepipe within .mlrrc files; (b) as a consolation,
allow new prepipe-zcat and prepipe-gunzip options which are safe to use.

Fixes CVE-2020-15167.
2020-09-03 08:14:13 +00:00
..
DESCR
distinfo miller: update to 5.9.1. 2020-09-03 08:14:13 +00:00
Makefile miller: update to 5.9.1. 2020-09-03 08:14:13 +00:00
PLIST