FreeBSD -- shell injection vulnerability in patch(1)

Problem Description:

Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch(1) to pass certain ed(1) scripts to the ed(1) editor, which would run commands.

Impact:

This issue could be exploited to execute arbitrary commands as the user invoking patch(1) against a specially crafted patch file, which could be leveraged to obtain elevated privileges.