Bug#777722: xdg-open: another command injection vulnerability

2015-02-19 Thread Jiri Horner
Yes, I forgot to mention that, but it's the same with xdg-open. `xdg-open` under bash doesn't have this issue.

$ xdg-open exploit.jpg
exploit succeeded exploit.jpg
$ bash xdg-open exploit.jpg
(works as expected)

As _local_ is not in POSIX, it would be great if xdg-open was not using _local_ at

Bug#777722: xdg-open: another command injection vulnerability

2015-02-18 Thread Michael Gilbert
On Wed, Feb 18, 2015 at 9:13 AM, Salvatore Bonaccorso wrote:
> Hi,
>
> On Wed, Feb 11, 2015 at 11:10:24PM +0100, Jiri Horner wrote:
>> Problem is caused by name collision in local variables, which are
>> apparently not very local in this case (maybe also dash problem?)
>
> Just an additional commen

Bug#777722: xdg-open: another command injection vulnerability

2015-02-18 Thread Salvatore Bonaccorso
Hi,

On Wed, Feb 11, 2015 at 11:10:24PM +0100, Jiri Horner wrote:
> Problem is caused by name collision in local variables, which are
> apparently not very local in this case (maybe also dash problem?)

Just an additional comment on this: It looks actually as intended that the initial value is inhe

Bug#777722: xdg-open: another command injection vulnerability

2015-02-11 Thread Jiri Horner
Package: xdg-utils
Version: 1.1.0~rc1+git20111210-7.3
Severity: grave
Tags: security patch
Justification: user security hole

Hi, there is a long-standing issue with xdg-open on Debian -- it parses all files it is trying to open. This is easily exploitable. Requirements are similar to those in last RC