Package: comix
Version: 3.6.4-1
Severity: grave
Justification: user security hole
Tags: security

*** Please type your report below this line ***

Comix uses insufficient shell escaping when calling external programs
(rar/unrar, jpegtran):

6280         files = \
6281             os.popen(self.rar + ' vb "' + path + '"').readlines()

6305         os.popen(self.rar + ' p -inul -- "' + path + '" "' +
6306                  cover + '" > "' + thumb_dir +
6307                  '/temp" 2>/dev/null', "r").close()

8736         os.popen(
8737             self.rar + ' x "' + src_path + '" "' + dst_path + '"')

9171         os.popen(self.jpegtran + ' -copy all -trim ' + operation +
9172                  ' -outfile "' + self.file[self.file_number] + '" "' +
9173                  self.file[self.file_number] + '"')

This all bombs out when faced with file or directory names that contain the
double quote character (") or a backslash.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (700, 'testing'), (500, 'stable'), (400, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-3-686 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages comix depends on:
ii  gconf2          2.20.1-2   GNOME configuration database syste
ii  python          2.4.4-6    An interactive high-level object-o
ii  python-gtk2     2.12.1-1   Python bindings for the GTK+ widge
ii  python-imaging  1.1.6-1    Python Imaging Library

comix recommends no packages.

-- no debconf information
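The same 'rar vb' construction, as an added Python 3 example that is not comix's own code: the vulnerable string concatenation next to an argv-list version that never hands the file name to a shell. The `unrar` binary name and the sample file names are assumed; only list_archive() actually executes anything.

```python
import shlex
import subprocess

# Assumed binary name; comix takes the real path from its configuration.
RAR = "unrar"


def vulnerable_cmdline(path):
    """The string comix hands to os.popen() for 'rar vb': the double quotes
    give no protection when the file name itself contains '"' or '\\'."""
    return RAR + ' vb "' + path + '"'


def shell_tokens(cmdline):
    """Split a command line the way /bin/sh would (POSIX quoting rules).
    Returns None where the shell would reject the line (unterminated quote)."""
    try:
        return shlex.split(cmdline)
    except ValueError:
        return None


def safe_argv(path):
    """Argument list for subprocess: no shell is involved, so every byte of the
    file name reaches the program verbatim as one argv element.  '--' stops
    switch parsing, as comix already does for its 'rar p' call."""
    return [RAR, "vb", "--", path]


def safe_shell_cmdline(path):
    """When a shell string is unavoidable (e.g. for the '> thumb_dir/temp'
    redirection), shlex.quote() produces a form the shell cannot misparse."""
    return RAR + " vb -- " + shlex.quote(path)


def list_archive(path):
    """Run the listing without shell=True; the archive name is a single argument."""
    result = subprocess.run(safe_argv(path), capture_output=True, text=True)
    return result.stdout.splitlines()


if __name__ == "__main__":
    # Constructed file names of the two kinds the report mentions.
    for name in ['Vol 1 "Special".cbr', "trailing-backslash\\"]:
        print(repr(name), "->", shell_tokens(vulnerable_cmdline(name)),
              "| safe:", shell_tokens(safe_shell_cmdline(name)))
```

With the quoted name the shell silently drops the inner quotes and asks unrar for a file that does not exist; with the trailing backslash the closing quote is escaped and the shell rejects the whole line.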