Bug#950319: libreoffice: filename replacements in mime entries for mailcap must not be quoted within the given command

[Rene Engelhard <rene@debian.org>]

block 950319 by 928037
thanks

On Sat, Feb 01, 2020 at 08:21:20AM +0100, Frank Loeffler wrote:
> in the mailcap is able to prevent shell escapes. This is why the replacing
> program must be the one doing this. Thus, if any tool using mailcap does not
> quote filenames properly and only relies on mailcap to do it for them, that
> would be a (security) bug within that tool.

Yes, and what happens if the MUA does not do that? Then we would
exchange a problem to an other? And given that the actual user base of
LO will probably use more GUI MUAs than mutt I'd prefer if they keep
working.

> I agree that this is confusing. I commented on a related bug within mutt

Indeed.

> first, only later realizing that mutt actually does it the right way.
> #928037 contains thoughts about this, including links to other threads, that
> show the problem from a more or less neutral view. This is why #928037
> exists: the RFC is rather unhelpful and other documentation does not really
> show users how those entries should be handled, right now.

Let's wait what comes out of 928037  then...

Regards,

Rene