1 files changed, 22 insertions, 0 deletions

diff --git a/dev-vcs/cvs/files/cvs-1.12.12-CVE-2017-12836-commandinjection.patch b/dev-vcs/cvs/files/cvs-1.12.12-CVE-2017-12836-commandinjection.patch
new file mode 100644
index 000000000000..87b1fdc9584c
--- /dev/null
+++ b/dev-vcs/cvs/files/cvs-1.12.12-CVE-2017-12836-commandinjection.patch
@@ -0,0 +1,22 @@
+diff -Naurp a/src/rsh-client.c b/src/rsh-client.c
+--- a/src/rsh-client.c	2005-03-15 18:45:10.000000000 +0100
++++ b/src/rsh-client.c	2017-08-26 17:43:23.228060155 +0200
+@@ -97,6 +97,9 @@ start_rsh_server (cvsroot_t *root, struc
+ 	rsh_argv[i++] = root->username;
+     }
+ 
++    /* Only non-option arguments from here. (CVE-2017-12836) */
++    rsh_argv[i++] = "--";
++
+     rsh_argv[i++] = root->hostname;
+     rsh_argv[i++] = cvs_server;
+     rsh_argv[i++] = "server";
+@@ -171,6 +174,8 @@ start_rsh_server (cvsroot_t *root, struc
+ 	    *p++ = root->username;
+ 	}
+ 
++	*p++ = "--";
++
+ 	*p++ = root->hostname;
+ 	*p++ = command;
+ 	*p++ = NULL;