diff -up patch-2.7.6/src/pch.c.CVE-2018-20969 patch-2.7.6/src/pch.c

--- patch-2.7.6/src/pch.c.CVE-2018-20969	2019-09-02 15:40:09.087994204 +0200

+++ patch-2.7.6/src/pch.c	2019-09-02 15:42:23.486485786 +0200

@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char c

 	    *outname_needs_removal = true;

 	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);

 	  }

-	sprintf (buf, "%s %s%s", editor_program,

-		 verbosity == VERBOSE ? "" : "- ",

-		 outname);

 	fflush (stdout);

 	pid = fork();

@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char c

 	else if (pid == 0)

 	  {

 	    dup2 (tmpfd, 0);

-	    execl ("/bin/sh", "sh", "-c", buf, (char *) 0);

+	    assert (outname[0] != '!' && outname[0] != '-');

+	    execlp (editor_program, editor_program, "-", outname, (char  *) NULL);

 	    _exit (2);

 	  }

 	else