
Security update for mime-support CVE-2014-0666



Hello everybody,

I just uploaded a security update for CVE-2014-0666.

I attached the debdiff.  It is Wheezy's security update applied to Squeeze.

In my understanding, File::Spec is already a core Perl module in Squeeze,
so I do not see any reason why the patch would not work.  But I have not
tested it concretely.

I have the email announcement ready for debian-lts-announce.  Please let me know
if I can send it or if there are issues with this update.

Have a nice day,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan
diff -Nru mime-support-3.48/debian/changelog mime-support-3.48/debian/changelog
--- mime-support-3.48/debian/changelog	2009-12-09 03:15:25.000000000 +0900
+++ mime-support-3.48/debian/changelog	2014-12-29 19:44:50.000000000 +0900
@@ -1,3 +1,14 @@
+mime-support (3.48-1+deb6u1) squeeze-lts; urgency=high
+
+  [ Salvatore Bonaccorso ]
+  * CVE-2014-7209: run-mailcap shell command injection.
+    Thanks to Timothy D. Morgan for the report.
+
+  [ Charles Plessy ]
+  * DLA-125-1: Applied unmodified Wheezy security patch to Squeeze LTS. 
+
+ -- Charles Plessy <plessy@debian.org>  Mon, 29 Dec 2014 19:43:31 +0900
+
 mime-support (3.48-1) unstable; urgency=medium
 
   * use only "copiousoutput" rules for "cat" action (closes: 533723)
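Review bot: the new changelog entry cites CVE-2014-7209, while the cover message and its subject line say CVE-2014-0666; the identifiers should agree before the debian-lts-announce mail goes out. The "DLA-125-1" line in the same entry also ends in a trailing space that can be dropped.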
diff -Nru mime-support-3.48/run-mailcap mime-support-3.48/run-mailcap
--- mime-support-3.48/run-mailcap	2009-12-09 03:17:18.000000000 +0900
+++ mime-support-3.48/run-mailcap	2014-12-29 19:43:27.000000000 +0900
@@ -9,6 +9,7 @@
 #
 ###############################################################################
 
+use File::Spec;
 
 $debug=0;
 $norun=0;
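Review bot: `use File::Spec;` is added here only for the single `File::Spec->rel2abs($file)` call in the next hunk, and the cover message says the result has not been tested on Squeeze. Before release, run the patched script once on a Squeeze system with `$debug` set, first with a relative file name and then with a name that fails the character whitelist, and confirm the "aliased to" message shows an absolute target.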
@@ -471,27 +472,22 @@
         }
 
         if ($file ne "-") {
-            if ($comm =~ m/[^%]%s/) {
-                if ($file =~ m![^ a-z0-9,.:/@%^+=_-]!i) {
-                    $match =~ m/nametemplate=(.*?)\s*($|;)/;
-                    my $prefix = $1;
-                    my $linked = 0;
-                    while (!$linked) {
-                        $tmplink = TempFile($prefix);
-                        unlink($tmplink);
-                        if ($file =~ m!^/!) {
-                            $linked = symlink($file,$tmplink);
-                        } else {
-                            my $pwd = `/bin/pwd`;
-                            chomp($pwd);
-                            $linked = symlink("$pwd/$file",$tmplink);
-                        }
-                    }
-                    print STDERR " - filename contains shell meta-characters; aliased to '$tmplink'\n" if $debug;
-                    $comm =~ s/([^%])%s/$1$tmplink/g;
-                } else {
-                    $comm =~ s/([^%])%s/$1$file/g;
+            # Resolve file name to an absolute path
+            $file = File::Spec->rel2abs($file);
+            if ($file =~ m![^ a-z0-9,.:/@%^+=_-]!i) {
+                $match =~ m/nametemplate=(.*?)\s*($|;)/;
+                my $prefix = $1;
+                my $linked = 0;
+                while (!$linked) {
+                    $tmplink = TempFile($prefix);
+                    unlink($tmplink);
+                    $linked = symlink($file,$tmplink);
                 }
+                $file = $tmplink;
+                print STDERR " - filename contains shell meta-characters; aliased to '$tmplink'\n" if $debug;
+            }
+            if ($comm =~ m/[^%]%s/) {
+                   $comm =~ s/([^%])%s/$1$file/g;
             } else {
                 if ($comm =~ m/\|/) {
                     $comm =~ s/\|/<\Q$file\E \|/;
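Review bot: in the rewritten aliasing block, `while (!$linked)` retries `symlink($file,$tmplink)` with no upper bound and never inspects `$!`, so a persistent failure makes run-mailcap loop forever instead of exiting with an error; cap the retries and die with the error text. In the same block, `$match =~ m/nametemplate=(.*?)\s*($|;)/;` is not tested before `my $prefix = $1;`, so for a rule without nametemplate the value passed to `TempFile($prefix)` does not come from this pattern; wrap the assignment in an `if` on the match. Style: the added `$comm =~ s/([^%])%s/$1$file/g;` line is indented three spaces deeper than the rest of its block.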