Re: [Bug 1909941] Re: xdg-email changes break simple-scan email functionality

Tue, 12 Jan 2021 12:15:45 -0800 

It seems another error in claws-mail, not related to the xdg-utils
vulnerability. Please file a separate bug against the claws-mail
package. I ran "xdg-email --attach test.txt evil-t...@mymedia.su" via
strace and had the following in the terminal.

ubuntu@ubuntu:~$ LANG=C.UTF-8 apt-cache policy xdg-utils claws-mail
xdg-utils:
  Installed: 1.1.3-2ubuntu1.20.04.2
  Candidate: 1.1.3-2ubuntu1.20.04.2
  Version table:
 *** 1.1.3-2ubuntu1.20.04.2 500
        500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages
        500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     1.1.3-2ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
claws-mail:
  Installed: 3.17.5-2
  Candidate: 3.17.5-2
  Version table:
 *** 3.17.5-2 500
        500 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages
        100 /var/lib/dpkg/status

ubuntu@ubuntu:~$ echo qwerty >test.txt
ubuntu@ubuntu:~$ strace -s 256 -f -qq -e 'trace=%process' -e 'signal=!all' -P 
`which claws-mail` env LANG=C.UTF-8 xdg-email --attach test.txt 
evil-t...@mymedia.su
execve("/usr/bin/claws-mail", ["claws-mail", 
"mailto:evil-t...@mymedia.su?attach=/home/ubuntu/test.txt";], 0x555673c99df0 /* 
51 vars */) = 0
Gtk-Message: 19:53:06.153: Failed to load module "canberra-gtk-module"
/home/ubuntu/.claws-mail/toolbar_compose.xml: fopen: No such file or directory

(claws-mail:6012): Claws-Mail-WARNING **: 19:53:06.754: can't open signature 
file: '/home/ubuntu/.signature'
ubuntu@ubuntu:~$ 

I had changed default mail application to Claws Mail. It displayed a
strange error message, "File Reply-To: doesn't exist or permission
denied". See my attached screenshot.


** Attachment added: "VirtualBox_KRika_12_01_2021_22_53_13.png"
   
https://bugs.launchpad.net/bugs/1909941/+attachment/5452402/+files/VirtualBox_KRika_12_01_2021_22_53_13.png

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1909941

Title:
  xdg-email changes break simple-scan email functionality

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xdg-utils/+bug/1909941/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to