Package: gnumeric Version: 1.12.48-1 Tags: patch, security Dear Maintainer, the gnumeric package has mailcap entries with quoted %-escapes. That is considered unsafe. Proper escaping should be left to the programs using the entry.
This Lintian tag is triggered: https://lintian.debian.org/tags/quoted-placeholder-in-mailcap-entry.html See also grave bug #930908, which was recently closed because "a Lintian test already exists": https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930908 I'm using the "security" tag because the affected rules in combination with certain mail user agents (or document openers) are the cause of a shell command injection vulnerability. If you need more information let me know. Thanks, MNZ
diff --git a/debian/gnumeric.mime b/debian/gnumeric.mime
index f6bea45..2dd4194 100644
--- a/debian/gnumeric.mime
+++ b/debian/gnumeric.mime
@@ -1,25 +1,25 @@
-application/x-gnumeric; gnumeric '%s'; edit=gnumeric '%s'; compose=gnumeric '%s'; description="Gnumeric spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.gnumeric
-text/csv; gnumeric '%s'; edit=gnumeric '%s'; description="Comma Separated Values"; test=test -n "$DISPLAY"; nametemplate=%s.csv
-application/vnd.ms-excel; gnumeric '%s'; edit=gnumeric '%s'; description="MS Excel spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.xls
-application/x-excel; gnumeric '%s'; edit=gnumeric '%s'; description="MS Excel spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.xls
-application/x-ms-excel; gnumeric '%s'; edit=gnumeric '%s'; description="MS Excel spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.xls
-application/x-msexcel; gnumeric '%s'; edit=gnumeric '%s'; description="MS Excel spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.xls
-application/x-xls; gnumeric '%s'; edit=gnumeric '%s'; description="MS Excel spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.xls
-application/x-dos_ms_excel; gnumeric '%s'; edit=gnumeric '%s'; description="MS Excel spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.xls
-zz-application/zz-winassoc-xls; gnumeric '%s'; edit=gnumeric '%s'; description="MS Excel spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.xls
-application/vnd.sun.xml.calc; gnumeric '%s'; edit=gnumeric '%s'; description="OpenOffice.org Calc spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.sxc
-application/vnd.sun.xml.calc.template; gnumeric '%s'; edit=gnumeric '%s'; description="OpenOffice.org Calc spreadsheet template"; test=test -n "$DISPLAY"; nametemplate=%s.stc
-application/x-applix; gnumeric '%s'; edit=gnumeric '%s'; description="Applixware Spreadsheets file"; test=test -n "$DISPLAY"; nametemplate=%s.as
-application/x-applix-spreadsheet; gnumeric '%s'; edit=gnumeric '%s'; description="Applixware Spreadsheets file"; test=test -n "$DISPLAY"; nametemplate=%s.as
-application/vnd.lotus-1-2-3; gnumeric '%s'; edit=gnumeric '%s'; description="Lotus 1-2-3 spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.xls
-application/x-123; gnumeric '%s'; edit=gnumeric '%s'; description="Lotus 1-2-3 spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.xls
-text/tab-separated-values; gnumeric '%s'; edit=gnumeric '%s'; description="Tab separated values"; test=test -n "$DISPLAY"; nametemplate=%s.tsv
-application/x-mps; gnumeric '%s'; edit=gnumeric '%s'; description="MPS (Mathematical Programming System) linear programming file"; test=test -n "$DISPLAY"; nametemplate=%s.mps
-application/x-oleo; gnumeric '%s'; edit=gnumeric '%s'; description="GNU Oleo spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.oleo
-application/x-planperfect; gnumeric '%s'; edit=gnumeric '%s'; description="PlanPerfect spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.pln
-application/x-quattropro; gnumeric '%s'; edit=gnumeric '%s'; description="Quattro Pro spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.wb1
-application/x-sc; gnumeric '%s'; edit=gnumeric '%s'; description="SC/XSpread spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.sc
-application/x-sylk; gnumeric '%s'; edit=gnumeric '%s'; description="Multiplan SYLK spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.slk
-application/x-xbase; gnumeric '%s'; edit=gnumeric '%s'; description="Xbase spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.dbf
-application/x-lpsolve; gnumeric '%s'; edit=gnumeric '%s'; description="LPSolve Linear Program Solver"; test=test -n "$DISPLAY"; nametemplate=%s.lp
-application/vnd.oasis.opendocument.spreadsheet; gnumeric '%s'; edit=gnumeric '%s'; description="OpenDocument Spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.ods
+application/x-gnumeric; gnumeric %s; edit=gnumeric %s; compose=gnumeric %s; description="Gnumeric spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.gnumeric
+text/csv; gnumeric %s; edit=gnumeric %s; description="Comma Separated Values"; test=test -n "$DISPLAY"; nametemplate=%s.csv
+application/vnd.ms-excel; gnumeric %s; edit=gnumeric %s; description="MS Excel spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.xls
+application/x-excel; gnumeric %s; edit=gnumeric %s; description="MS Excel spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.xls
+application/x-ms-excel; gnumeric %s; edit=gnumeric %s; description="MS Excel spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.xls
+application/x-msexcel; gnumeric %s; edit=gnumeric %s; description="MS Excel spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.xls
+application/x-xls; gnumeric %s; edit=gnumeric %s; description="MS Excel spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.xls
+application/x-dos_ms_excel; gnumeric %s; edit=gnumeric %s; description="MS Excel spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.xls
+zz-application/zz-winassoc-xls; gnumeric %s; edit=gnumeric %s; description="MS Excel spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.xls
+application/vnd.sun.xml.calc; gnumeric %s; edit=gnumeric %s; description="OpenOffice.org Calc spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.sxc
+application/vnd.sun.xml.calc.template; gnumeric %s; edit=gnumeric %s; description="OpenOffice.org Calc spreadsheet template"; test=test -n "$DISPLAY"; nametemplate=%s.stc
+application/x-applix; gnumeric %s; edit=gnumeric %s; description="Applixware Spreadsheets file"; test=test -n "$DISPLAY"; nametemplate=%s.as
+application/x-applix-spreadsheet; gnumeric %s; edit=gnumeric %s; description="Applixware Spreadsheets file"; test=test -n "$DISPLAY"; nametemplate=%s.as
+application/vnd.lotus-1-2-3; gnumeric %s; edit=gnumeric %s; description="Lotus 1-2-3 spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.xls
+application/x-123; gnumeric %s; edit=gnumeric %s; description="Lotus 1-2-3 spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.xls
+text/tab-separated-values; gnumeric %s; edit=gnumeric %s; description="Tab separated values"; test=test -n "$DISPLAY"; nametemplate=%s.tsv
+application/x-mps; gnumeric %s; edit=gnumeric %s; description="MPS (Mathematical Programming System) linear programming file"; test=test -n "$DISPLAY"; nametemplate=%s.mps
+application/x-oleo; gnumeric %s; edit=gnumeric %s; description="GNU Oleo spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.oleo
+application/x-planperfect; gnumeric %s; edit=gnumeric %s; description="PlanPerfect spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.pln
+application/x-quattropro; gnumeric %s; edit=gnumeric %s; description="Quattro Pro spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.wb1
+application/x-sc; gnumeric %s; edit=gnumeric %s; description="SC/XSpread spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.sc
+application/x-sylk; gnumeric %s; edit=gnumeric %s; description="Multiplan SYLK spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.slk
+application/x-xbase; gnumeric %s; edit=gnumeric %s; description="Xbase spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.dbf
+application/x-lpsolve; gnumeric %s; edit=gnumeric %s; description="LPSolve Linear Program Solver"; test=test -n "$DISPLAY"; nametemplate=%s.lp
+application/vnd.oasis.opendocument.spreadsheet; gnumeric %s; edit=gnumeric %s; description="OpenDocument Spreadsheet"; test=test -n "$DISPLAY"; nametemplate=%s.ods
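Review bot: Nothing in debian/gnumeric.mime records why `%s` has to stay bare, so a later edit could put the quotes back on any of these 25 entries and reintroduce the problem the report describes. A comment at the top of the file would guard against that, for example `# Do not quote %s: the program reading this entry escapes the file name itself (Lintian: quoted-placeholder-in-mailcap-entry)`, assuming the packaging tooling passes `#` lines through as mailcap comments. With the quotes gone, safe handling depends entirely on each mailcap consumer escaping the substituted name, which is the behaviour the Lintian tag expects. Separately, the two Lotus rows (`application/vnd.lotus-1-2-3`, `application/x-123`) keep `nametemplate=%s.xls`, which looks copied from the Excel rows and may be worth confirming.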