Bug#930908: general: incorrect rules for %s in /etc/mailcap yielding potentially unquoted metacharacters

2019-06-22 Thread Vincent Lefevre
On 2019-06-22 10:51:35 +0200, Vincent Lefevre wrote:
> The /etc/mailcap file contains many rules with '%s' instead of %s,
> for instance:
>
> text/*; less '%s'; needsterminal
> audio/ogg; ogginfo '%s'; copiousoutput
>
> This is incorrect.
[...]
I suppose that the update-mime script could automat

Bug#930918: ITP: ruby-webpacker -- use webpack to manage app-like JavaScript modules in Rails

2019-06-22 Thread Jongmin Kim
Package: wnpp Severity: wishlist Owner: Jongmin Kim * Package name: ruby-webpacker Version : 4.0.7 Upstream Author : David Heinemeier Hansson * URL : https://github.com/rails/webpacker * License : Expat Programming Lang: Ruby Description : use webpack

Bug#930912: ITP: psu-targets -- adds power supply targets to systemd

2019-06-22 Thread Stephan Lachnit
Package: wnpp Severity: wishlist Owner: Stephan Lachnit * Package name: psu-targets Version : 1 Upstream Author : Stephan Lachnit * URL : https://github.com/stephanlachnit/psu-targets * License : GPL-3 Program

Bug#930908: general: incorrect rules for %s in /etc/mailcap yielding potentially unquoted metacharacters

2019-06-22 Thread Vincent Lefevre
On 2019-06-22 10:51:35 +0200, Vincent Lefevre wrote:
> execve("/home/vinc17/bin/sh.screen", ["sh", "-c", "less ''/var/tmp/_.txt''"], 0x564ffe666f40 /* 132 vars */) = 0
>
> i.e. the filename is eventually not quoted!
>
> Here the filename is sanitized, but I'm not sure that this is always
> t

Bug#930908: general: incorrect rules for %s in /etc/mailcap yielding potentially unquoted metacharacters

2019-06-22 Thread Vincent Lefevre
On 2019-06-22 10:51:35 +0200, Vincent Lefevre wrote:
[...]
> as seen in strace output:
>
> execve("/home/vinc17/bin/sh.screen", ["sh", "-c", "less ''/var/tmp/_.txt''"], 0x564ffe666f40 /* 132 vars */) = 0

FYI, the sh.screen is due to a modification I've done and is used as a sh wrapper to sup

Processed: Re: general: incorrect rules for %s in /etc/mailcap yielding potentially unquoted metacharacters

2019-06-22 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > affects 930908 mutt Bug #930908 [general] general: incorrect rules for %s in /etc/mailcap yielding potentially unquoted metacharacters Added indication that 930908 affects mutt > End of message, stopping processing here. Please contact me if you

Bug#930908: general: incorrect rules for %s in /etc/mailcap yielding potentially unquoted metacharacters

2019-06-22 Thread Vincent Lefevre
Package: general
Severity: grave
Tags: security
Justification: user security hole
Affects: mutt

The /etc/mailcap file contains many rules with '%s' instead of %s, for instance:

text/*; less '%s'; needsterminal
audio/ogg; ogginfo '%s'; copiousoutput

This is incorrect. For instance, Mutt quotes th

Re: Re: Programs contain ads - acceptable for packaging for Debian?

2019-06-22 Thread Bagas Sanjaya
This applies to any program which downloads ads from the network at runtime. Serious problems with this:

* We don't know what ads might be displayed and whether we would think them inappropriate, offensive, legally risky, or whatever.
* Downloading ads at runtime is a security risk: it