[CVE-2013-2208] Don't execute commands with --exec by default

Open xtaran opened this issue 12 years ago • 1 comments

tpp's --exec feature is potentially a security risk when using with presentations from untrusted sources. (Originally reported against tpp in Debian at http://bugs.debian.org/706644)

This commit disables execution of --exec parameters by default and adds an option -x to reenable the --exec feature only on explicit request.

Jun 12 '13 21:06 xtaran

The CVE id CVE-2013-2208 has been assigned to this issue.

Jun 21 '13 17:06 xtaran