Package: reportbug-ng
Version: 0.2007.10.30
Severity: serious
Tags: security

--- Please enter the report below this line. ---

Can create a bug report against itself, indeed :)

How to encounter this bug (do NOT repeat the following steps on a production system unless you have read "Conclusions" below and really know what you are doing - use a testing environment or wait until you have installed a reportbug-ng version with this bug fixed):
-------------------------------------------------------------------------
(1) In a running reportbug-ng instance hit Ctrl-N to create a new bug report.
(2) In the input field "summary" enter a string containing a double quote and later a * character. My first "unintended trial" was

    crash on exit "glibc detected *** amarokapp: corrupted double-linked list: 0x0808ded0"

Observed result:
----------------
A Kmail compose window pops up, with all file names in $PWD of reportbug-ng added to the recipients list.

Conclusions:
------------
(A) Proper escaping of metacharacters in user input strings must ALWAYS be tested prior to releasing software.
(B) I am writing this report on my production system, therefore I surely will NOT try redirection characters added to the string in step (2). Reporting the possible "surprises" is left to another user :)
(C) In /etc/bash.bashrc I always have the statement "set -C" (prohibits overwriting of existing files by redirections other than ">|"). In /etc/profile (for non-interactive shells) unfortunately I had to remove it because it would break a lot of scripts in Debian packages.

This bug is perhaps related to:
-------------------------------
http://bugs.debian.org/474955

--- System information. ---
Architecture: i386
Kernel: Linux 2.6.23.12roland2

Debian Release: lenny/sid
  500 unstable     gd.tuwien.ac.at
  500 testing      security.debian.org
  500 testing      gd.tuwien.ac.at
  500 oldstable    gd.tuwien.ac.at
    1 experimental gd.tuwien.ac.at

--- Package information. ---
Depends                       (Version) | Installed
=============================-+-===========
python                                  | 2.5.2-1
python-central             (>= 0.5.8)   | 0.6.7
python-qt3                              | 3.17.4-1
python-soappy                           | 0.12.0-2
xdg-utils                               | 1.0.1-2

-- 
Roland Eggner