Red Hat Bugzilla – Bug 31520
db2XXX scripts have unsecure parameter passing
Last modified: 2008-05-01 11:38:00 EDT
The db2pdf(*), db2dvi, db2ps, and db2rtf are all of
jw -f docbook -b rtf $*
while they should be:
jw -f docbook -b rtf "$*"
in case any of the passed options have IFS characters in them...
(*) The db2pdf is at package docbook-utils-pdf which isn't listed at RH
(ITYM "$@".) Thanks for spotting it.
Fixed in docbook-utils-0.6-12 in rawhide, although I don't think it's really a