Bug#923894: marked as done (unblock: mailscripts/0.7-1)

To: Niels Thykier <niels@thykier.net>
Subject: Bug#923894: marked as done (unblock: mailscripts/0.7-1)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Wed, 06 Mar 2019 20:57:03 +0000
Message-id: <[🔎] handler.923894.D923894.155190573330376.ackdone@bugs.debian.org>
Reply-to: 923894@bugs.debian.org
References: <c93d9121-5273-70bf-f9d2-0fb87997134d@thykier.net> <[🔎] 87wolbahe7.fsf@iris.silentflame.com>

Your message dated Wed, 06 Mar 2019 20:55:00 +0000
with message-id <c93d9121-5273-70bf-f9d2-0fb87997134d@thykier.net>
and subject line Re: Bug#923894: unblock: mailscripts/0.7-1
has caused the Debian Bug report #923894,
regarding unblock: mailscripts/0.7-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
923894: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923894
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: unblock: mailscripts/0.7-1

From: Sean Whitton <spwhitton@spwhitton.name>

Date: Wed, 06 Mar 2019 13:15:44 -0700

Message-id: <[🔎] 87wolbahe7.fsf@iris.silentflame.com>
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hello,

Please unblock package mailscripts.

Paul Wise was kind enough to review the code in notmuch-slurp-debbug(1)
and discovered that my use of Perl's system() and backticks was invoking
superfluous shells.  In mailscripts 0.7, the calls are replaced with
functions which will never invoke shells.

Paul pointed out that there are a potential security risks due to shell
metacharacter expansion, so it would be good to see the fixed version in
buster.

unblock mailscripts/0.7-1

-- 
Sean Whitton
Attachment: mailscripts_0.7-1.debdiff
Description: Binary data

Attachment: signature.asc
Description: PGP signature

--- End Message ---

--- Begin Message ---

To: Sean Whitton <spwhitton@spwhitton.name>, 923894-done@bugs.debian.org

Subject: Re: Bug#923894: unblock: mailscripts/0.7-1

From: Niels Thykier <niels@thykier.net>

Date: Wed, 06 Mar 2019 20:55:00 +0000

Message-id: <c93d9121-5273-70bf-f9d2-0fb87997134d@thykier.net>

In-reply-to: <[🔎] 87wolbahe7.fsf@iris.silentflame.com>

References: <[🔎] 87wolbahe7.fsf@iris.silentflame.com>
Sean Whitton:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Hello,
> 
> Please unblock package mailscripts.
> 
> Paul Wise was kind enough to review the code in notmuch-slurp-debbug(1)
> and discovered that my use of Perl's system() and backticks was invoking
> superfluous shells.  In mailscripts 0.7, the calls are replaced with
> functions which will never invoke shells.
> 
> Paul pointed out that there are a potential security risks due to shell
> metacharacter expansion, so it would be good to see the fixed version in
> buster.
> 
> unblock mailscripts/0.7-1
> 

Unblocked, thanks.

~Niels
--- End Message ---

Reply to:

References:
- Bug#923894: unblock: mailscripts/0.7-1
  - From: Sean Whitton <spwhitton@spwhitton.name>

Prev by Date: Bug#923894: unblock: mailscripts/0.7-1
Next by Date: Bug#923886: marked as done (unblock: google-compute-image-packages/20190124-2)
Previous by thread: Bug#923894: unblock: mailscripts/0.7-1
Next by thread: Bug#923897: stretch-pu: package chrony/3.0-4+deb9u2
Index(es):
- Date
- Thread