* Alexander Sack:
> On Fri, Sep 23, 2005 at 04:38:38PM +0200, Florian Weimer wrote:
>> - # Protect quotes and $ in command-line arguments from two shell evals
>> - moreargs="$moreargs \"$(echo "$1" | sed -e 's/"/\\\"/g' \
>> - -e 's/[$]/\\
* Alexander Sack:
> Thanks for the patch. If there is no other solution, I will use bash
> instead of sh. Do I need to add bash to the Depends explicitly?
No, bash is marked essential, and you need not declare any
dependencies on such packages. (Otherwise I would not have proposed
this change.)
On Fri, Sep 23, 2005 at 04:38:38PM +0200, Florian Weimer wrote:
> - # Protect quotes and $ in command-line arguments from two shell evals
> - moreargs="$moreargs \"$(echo "$1" | sed -e 's/"/\\\"/g' \
> - -e 's/[$]/\\\$/g')\""
> + [EMAI
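Review bot: the removed sed expression escapes only `"` and `$` before wrapping the argument in double quotes, so backticks and backslashes in `$1` still reach the two shell evals live, which is exactly the `mailto:`df`` case from the report. The replacement lines are cut off here, so when reviewing the full patch, check that arguments are passed through without being re-evaluated (for example kept as separate words and expanded with "$@") rather than fixed by adding more characters to the escape list.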
Thanks for the patch. If there is no other solution, I will use bash
instead of sh. Do I need to add bash to the Depends explicitly?
On Fri, Sep 23, 2005 at 04:38:38PM +0200, Florian Weimer wrote:
>
> I can't get the "@@ -334,9 +331,9 @@" hunk to execute on my machine,
> so more testing is needed
* Alexander Sack:
>> Uhm, it's still exploitable anyway. This time, the command is:
>>
>> mozilla-thunderbird --compose 'mailto:'\''`df`'\'
>>
>
> Bad ... so this is the wrong approach.
>
> You have an idea on how to fix the original script in a minimal way?
A compromise between robustness an
On Fri, Sep 23, 2005 at 03:49:12PM +0200, Florian Weimer wrote:
> * Florian Weimer:
>
> > * Alexander Sack:
> >
> >> Attached a start script that should fix this issue ...
> >
> >> echo moreargs $moreargs
> >
> > This seems to be some debugging cruft. Have you sent the correct
> > version?
>
> U
* Florian Weimer:
> * Alexander Sack:
>
>> Attached a start script that should fix this issue ...
>
>> echo moreargs $moreargs
>
> This seems to be some debugging cruft. Have you sent the correct
> version?
Uhm, it's still exploitable anyway. This time, the command is:
mozilla-thunderbird --c
On Fri, Sep 23, 2005 at 03:41:02PM +0530, Y Giridhar Appaji Nag wrote:
> merge 329664 329667
> thanks
>
> On 05/09/22 17:27 +0200, Florian Weimer said ...
> > Package: mozilla-thunderbird
> > Version: 1.0.6-3
> > Severity: grave
> > Tags: security
> >
> > The --compose option executes shell comma
* Alexander Sack:
> Attached a start script that should fix this issue ...
> echo moreargs $moreargs
This seems to be some debugging cruft. Have you sent the correct
version?
Processing commands for [EMAIL PROTECTED]:
> merge 329664 329667
Bug#329664: shell command execution
Bug#329667: mozilla-thunderbird --compose executes shell commands
Merged 329664 329667.
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking
merge 329664 329667
thanks
On 05/09/22 17:27 +0200, Florian Weimer said ...
> Package: mozilla-thunderbird
> Version: 1.0.6-3
> Severity: grave
> Tags: security
>
> The --compose option executes shell commands:
>
> mozilla-thunderbird --compose 'mailto:`df`'
>
> The df output appears in the T
Package: mozilla-thunderbird
Version: 1.0.6-3
Severity: grave
Tags: security
The --compose option executes shell commands:
mozilla-thunderbird --compose 'mailto:`df`'
The df output appears in the To: line of the message.
(This is related to the recently disclosed Firefox bug, which does not
s