Bug#774142: unblock: mime-support/3.58
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package mime-support to fix CVE-2014-0666 in Jessie.
unblock mime-support/3.58
Have a nice day,
and a BIG THANK YOU for your outstanding work.
--
Charles Plessy
Tsurumi, Kanagawa, Japan
diff -Nru mime-support-3.57/debian/changelog mime-support-3.58/debian/changelog
--- mime-support-3.57/debian/changelog 2014-10-04 20:29:52.000000000 +0900
+++ mime-support-3.58/debian/changelog 2014-12-28 15:06:43.000000000 +0900
@@ -1,3 +1,17 @@
+mime-support (3.58) unstable; urgency=high
+
+ * CVE-2014-7209: run-mailcap shell command injection.
+ Thanks to Timothy D. Morgan for the report.
+
+ d156797 Escape file name also when not passed through %s. This
+ avoids command injections using for instance semicolons.
+ b585022 Resolve file name to an absolute path to avoid injection of
+ command arguments with file names starting with dashes etc.
+ Use File::Spec to avoid race conditions with temporary files.
+ Thanks, Salvatore Bonaccorso for the patch.
+
+ -- Charles Plessy <plessy@debian.org> Sun, 28 Dec 2014 14:45:59 +0900
+
mime-support (3.57) unstable; urgency=medium
* Media types added:
diff -Nru mime-support-3.57/run-mailcap mime-support-3.58/run-mailcap
--- mime-support-3.57/run-mailcap 2014-05-25 09:49:18.000000000 +0900
+++ mime-support-3.58/run-mailcap 2014-12-28 15:06:43.000000000 +0900
@@ -11,7 +11,7 @@
use Encode qw(decode);
use I18N::Langinfo qw(langinfo CODESET);
-
+use File::Spec;
$debug=($ENV{RUN_MAILCAP_DEBUG} || 0);
$norun=0;
@@ -469,27 +469,22 @@
}
if ($file ne "-") {
- if ($comm =~ m/[^%]%s/) {
- if (decode(langinfo(CODESET()), $file) =~ m![^[:alnum:],.:/@%^+=_-]!i) {
- $match =~ m/nametemplate=(.*?)\s*($|;)/;
- my $prefix = $1;
- my $linked = 0;
- while (!$linked) {
- $tmplink = TempFile($prefix);
- unlink($tmplink);
- if ($file =~ m!^/!) {
- $linked = symlink($file,$tmplink);
- } else {
- my $pwd = `/bin/pwd`;
- chomp($pwd);
- $linked = symlink("$pwd/$file",$tmplink);
- }
- }
- print STDERR " - filename contains shell meta-characters; aliased to '$tmplink'\n" if $debug;
- $comm =~ s/([^%])%s/$1$tmplink/g;
- } else {
- $comm =~ s/([^%])%s/$1$file/g;
+ # Resolve file name to an absolute path
+ $file = File::Spec->rel2abs($file);
+ if (decode(langinfo(CODESET()), $file) =~ m![^[:alnum:],.:/@%^+=_-]!i) {
+ $match =~ m/nametemplate=(.*?)\s*($|;)/;
+ my $prefix = $1;
+ my $linked = 0;
+ while (!$linked) {
+ $tmplink = TempFile($prefix);
+ unlink($tmplink);
+ $linked = symlink($file,$tmplink);
}
+ $file = $tmplink;
+ print STDERR " - filename contains shell meta-characters; aliased to '$tmplink'\n" if $debug;
+ }
+ if ($comm =~ m/[^%]%s/) {
+ $comm =~ s/([^%])%s/$1$file/g;
} else {
if ($comm =~ m/\|/) {
$comm =~ s/\|/<\Q$file\E \|/;
Reply to: