syntax-highlighting.sh: Fix command injection. By not quoting the argument, an attacker with the ability to add files to the repository could pass arbitrary arguments to the highlight command, in particular, the --plug-in argument which can lead to arbitrary command execution. This patch adds simple argument quoting. External references: http://git.zx2c4.com/cgit/commit/?id=7ea35f9f8ecf61ab42be9947aae1176ab6e089bd
Created attachment 634444 [details] cgit-CVE-2012-4548.patch
Created cgit tracking bugs for this issue Affects: fedora-all [bug 870714]
Created cgit tracking bugs for this issue Affects: epel-all [bug 870715]