Your message dated Mon, 29 Dec 2014 17:50:59 +0000
with message-id <20141229175059.ga15...@lupin.home.powdarrmonkey.net>
and subject line Re: Bug#774142: unblock: mime-support/3.58
has caused the Debian Bug report #774142,
regarding unblock: mime-support/3.58
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
774142: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774142
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package mime-support to fix CVE-2014-0666 in Jessie.
unblock mime-support/3.58
Have a nice day,
and a BIG THANK YOU for your outstanding work.
--
Charles Plessy
Tsurumi, Kanagawa, Japan
diff -Nru mime-support-3.57/debian/changelog mime-support-3.58/debian/changelog
--- mime-support-3.57/debian/changelog 2014-10-04 20:29:52.000000000 +0900
+++ mime-support-3.58/debian/changelog 2014-12-28 15:06:43.000000000 +0900
@@ -1,3 +1,17 @@
+mime-support (3.58) unstable; urgency=high
+
+ * CVE-2014-7209: run-mailcap shell command injection.
+ Thanks to Timothy D. Morgan for the report.
+
+ d156797 Escape file name also when not passed through %s. This
+ avoids command injections using for instance semicolons.
+ b585022 Resolve file name to an absolute path to avoid injection of
+ command arguments with file names starting with dashes etc.
+ Use File::Spec to avoid race conditions with temporary files.
+ Thanks, Salvatore Bonaccorso for the patch.
+
+ -- Charles Plessy <ple...@debian.org> Sun, 28 Dec 2014 14:45:59 +0900
+
mime-support (3.57) unstable; urgency=medium
* Media types added:
diff -Nru mime-support-3.57/run-mailcap mime-support-3.58/run-mailcap
--- mime-support-3.57/run-mailcap 2014-05-25 09:49:18.000000000 +0900
+++ mime-support-3.58/run-mailcap 2014-12-28 15:06:43.000000000 +0900
@@ -11,7 +11,7 @@
use Encode qw(decode);
use I18N::Langinfo qw(langinfo CODESET);
-
+use File::Spec;
$debug=($ENV{RUN_MAILCAP_DEBUG} || 0);
$norun=0;
@@ -469,27 +469,22 @@
}
if ($file ne "-") {
- if ($comm =~ m/[^%]%s/) {
- if (decode(langinfo(CODESET()), $file) =~ m![^[:alnum:],.:/@%^+=_-]!i) {
- $match =~ m/nametemplate=(.*?)\s*($|;)/;
- my $prefix = $1;
- my $linked = 0;
- while (!$linked) {
- $tmplink = TempFile($prefix);
- unlink($tmplink);
- if ($file =~ m!^/!) {
- $linked = symlink($file,$tmplink);
- } else {
- my $pwd = `/bin/pwd`;
- chomp($pwd);
- $linked = symlink("$pwd/$file",$tmplink);
- }
- }
- print STDERR " - filename contains shell meta-characters; aliased to '$tmplink'\n" if $debug;
- $comm =~ s/([^%])%s/$1$tmplink/g;
- } else {
- $comm =~ s/([^%])%s/$1$file/g;
+ # Resolve file name to an absolute path
+ $file = File::Spec->rel2abs($file);
+ if (decode(langinfo(CODESET()), $file) =~ m![^[:alnum:],.:/@%^+=_-]!i) {
+ $match =~ m/nametemplate=(.*?)\s*($|;)/;
+ my $prefix = $1;
+ my $linked = 0;
+ while (!$linked) {
+ $tmplink = TempFile($prefix);
+ unlink($tmplink);
+ $linked = symlink($file,$tmplink);
}
+ $file = $tmplink;
+ print STDERR " - filename contains shell meta-characters; aliased to '$tmplink'\n" if $debug;
+ }
+ if ($comm =~ m/[^%]%s/) {
+ $comm =~ s/([^%])%s/$1$file/g;
} else {
if ($comm =~ m/\|/) {
$comm =~ s/\|/<\Q$file\E \|/;
--- End Message ---
--- Begin Message ---
On Mon, Dec 29, 2014 at 08:03:12PM +0900, Charles Plessy wrote:
> Please unblock package mime-support to fix CVE-2014-0666 in Jessie.
>
> unblock mime-support/3.58
Unblocked.
Thanks,
--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
signature.asc
Description: Digital signature
--- End Message ---
