Your message dated Tue, 12 Apr 2005 17:47:06 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#292777: fixed in imms 2.0.3-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 29 Jan 2005 19:10:43 +0000
>From [EMAIL PROTECTED] Sat Jan 29 11:10:42 2005
Return-path: <[EMAIL PROTECTED]>
Received: from maxwell.derobert.net [207.188.193.82]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CuxzW-0002zT-00; Sat, 29 Jan 2005 11:10:42 -0800
Received: from bohr.home ([192.168.65.5])
by Maxwell.derobert.net with esmtp (Exim 3.35 #1 (Debian))
id 1CuxzT-0004Wg-00; Sat, 29 Jan 2005 14:10:39 -0500
Received: from anthony by bohr.home with local (Exim 4.34)
id 1CuxzT-00066w-2o; Sat, 29 Jan 2005 14:10:39 -0500
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Anthony DeRobertis <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: Allows arbitrary command execution from filenames
X-Mailer: reportbug 3.2
Date: Sat, 29 Jan 2005 14:10:38 -0500
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: imms
Version: 2.0.1-3
Severity: grave
File: /usr/bin/analyzer
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I was using analyzer on my music collection, and found this:
[EMAIL PROTECTED]:Claude Debussy$ analyzer 'Claude Debussy - Prelude "La Fille
aux cheveux de lin".ogg';
sox: Can't open input file '/var/www/music/Maxwell/Classical/Claude
Debussy/Claude Debussy - Prelude La': No such file or directory
A little work reveals this fun:
[EMAIL PROTECTED]:tmp$ touch '`echo $HOME`'
[EMAIL PROTECTED]:tmp$ analyzer '`echo $HOME`'
sox: Can't open input file '/tmp//home/anthony': No such file or directory
Considering how common playing files with untrusted names is (e.g., xmms
set as browser helper), this is quite a problem.
The problem is the popen on line 53 of analyzer.cc
- -- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing'), (130, 'unstable'), (120, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-bohr
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages imms depends on:
ii fftw3 3.0.1-11 Library for computing Fast Fourier
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libgcc1 1:3.4.3-6 GCC support library
ii libglib1.2 1.2.10-9 The GLib library of C routines
ii libglib2.0-0 2.6.1-2 The GLib library of C routines
ii libgtk1.2 1.2.10-17 The GIMP Toolkit set of widgets fo
ii libpcre3 4.5-1.1 Perl 5 Compatible Regular Expressi
ii libsqlite3-0 3.0.8-3 SQLite 3 shared library
ii libstdc++5 1:3.3.5-5 The GNU Standard C++ Library v3
ii libtag1 1.3.1-1 TagLib Audio Meta-Data Library
ii libx11-6 4.3.0.dfsg.1-10 X Window System protocol client li
ii libxext6 4.3.0.dfsg.1-10 X Window System miscellaneous exte
ii libxi6 4.3.0.dfsg.1-10 X Window System Input extension li
ii xlibs 4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu
ii xmms 1.2.10-2 Versatile X audio player that look
ii zlib1g 1:1.2.2-3 compression library - runtime
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFB+9+u+z+IwlXqWf4RAgVbAJwN1WeCkLAuouyDY9i36I2uvJNSXgCeOARs
COXsXScpCfAVi08DE7ZNBDY=
=Lplc
-----END PGP SIGNATURE-----
---------------------------------------
Received: (at 292777-close) by bugs.debian.org; 12 Apr 2005 21:54:53 +0000
>From [EMAIL PROTECTED] Tue Apr 12 14:54:53 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DLTLR-0001sG-00; Tue, 12 Apr 2005 14:54:53 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1DLTDu-00034G-00; Tue, 12 Apr 2005 17:47:06 -0400
From: Norbert Veber <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#292777: fixed in imms 2.0.3-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 12 Apr 2005 17:47:06 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-CrossAssassin-Score: 5
Source: imms
Source-Version: 2.0.3-1
We believe that the bug you reported is fixed in the latest version of
imms, which is due to be installed in the Debian FTP archive:
imms_2.0.3-1.diff.gz
to pool/main/i/imms/imms_2.0.3-1.diff.gz
imms_2.0.3-1.dsc
to pool/main/i/imms/imms_2.0.3-1.dsc
imms_2.0.3-1_i386.deb
to pool/main/i/imms/imms_2.0.3-1_i386.deb
imms_2.0.3.orig.tar.gz
to pool/main/i/imms/imms_2.0.3.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Norbert Veber <[EMAIL PROTECTED]> (supplier of updated imms package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 12 Apr 2005 17:29:27 -0400
Source: imms
Binary: imms
Architecture: source i386
Version: 2.0.3-1
Distribution: unstable
Urgency: high
Maintainer: Norbert Veber <[EMAIL PROTECTED]>
Changed-By: Norbert Veber <[EMAIL PROTECTED]>
Description:
imms - Unobtrusive, automatic, and learning XMMS playlist manager
Closes: 223343 245139 245928 285828 292777 301831
Changes:
imms (2.0.3-1) unstable; urgency=high
.
* New upstream release
Closes: #301831
* Contains better fix for the command execution security problem
described below (see changelog entry for version 2.0.1-3.1)
Closes: #292777, #285828
* The XMMS queue now works properly
Closes: #245928
* Now works with xmms-crossfade
Closes: #223343
* Random song skips should no longer occur
Closes: #245139
Files:
803c9cf1c4e4a54202ededb38a3a6a6a 670 utils optional imms_2.0.3-1.dsc
87d8c27968459cc2cdd4f88a37531363 67359 utils optional imms_2.0.3.orig.tar.gz
595a629e48f74bfd4e36927a8b250908 44015 utils optional imms_2.0.3-1.diff.gz
923e679b643cf9ac96e2ec3e8a3ef41a 298708 utils optional imms_2.0.3-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCXD7uohfEw14utbQRAk9pAJ9KFFL+UfdgF4dPBfmdhLpeJQSAawCgiwje
oVgZImvt7wLKrXFtlUww7w8=
=c2a2
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
