Re: Bug#88055: security hole in joe

To: Joey Hess <joeyh@debian.org>, 88055@bugs.debian.org
Cc: debian-security@lists.debian.org
Subject: Re: Bug#88055: security hole in joe
From: Josip Rodin <jrodin@public.srce.hr>
Date: Thu, 1 Mar 2001 03:13:14 +0100
Message-id: <20010301031314.A6825@jagor.srce.hr>
In-reply-to: <20010228152039.C5432@kitenet.net>; from Joey Hess on Wed, Feb 28, 2001 at 03:20:39PM -0800
References: <20010228152039.C5432@kitenet.net>

On Wed, Feb 28, 2001 at 03:20:39PM -0800, Joey Hess wrote:
> Package: joe
> Version: 2.8-18
> Severity: grave
> 
> joey@kite:/tmp>echo "this is not a valid .joerc, I'll bet!" > .joerc
> joey@kite:/tmp>joe foo
> Processing '.joerc'...
> .joerc 1: No context selected for macro to key-sequence binding
> done
> There were errors in '.joerc'.  Use it anyway?n
> Processing '/etc/joe/joerc'...done

Funny how the first attempt of me reproducing this, with a valid command,
caused this:

[joy@pork:/tmp]% echo '-help' > .joerc
[joy@pork:/tmp]% joe foo
Processing '.joerc'...done
zsh: segmentation fault (core dumped)  joe foo

I wonder what's the best fix for this bug... check ownership of ./.joerc
file before trying to read it? Not read it at all?

(I'm not currently subscribed to BUGTRAQ)

-- 
Digital Electronic Being Intended for Assassination and Nullification

Reply to:

Follow-Ups:
- Re: Bug#88055: security hole in joe
  - From: Daniel Jacobowitz <dan@debian.org>
- Re: Bug#88055: security hole in joe
  - From: Ethan Benson <erbenson@alaska.net>

Prev by Date: stupid ?!? question : how secure is...
Next by Date: Re: Bug#88055: security hole in joe
Previous by thread: stupid ?!? question : how secure is...
Next by thread: Re: Bug#88055: security hole in joe
Index(es):
- Date
- Thread