Package: mc Version: 3:4.7.0.8-1 Severity: normal Many of the commands inside /etc/mc/mc.menu are unquoted or improperly quoted. This leads to problems for file names that contain spaces or other special characters. Usually, this leads to just failing to operate on a file, but there's at least one security issue.
If you have a file named "some_long_name -z /etc/passwd something_else.bz2" and run "convert .bz2 to .gz", you'll end with /etc/passwd removed and placed into "/etc/passwd.bz2". To fix those, please quote every use of a file name. This includes places that seem to be already quoted, like: D="`basename %f .tar.gz`" which needs to be: D="`basename "%f" .tar.gz`" -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (150, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.35-trunk-686 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages mc depends on: ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib ii libglib2.0-0 2.24.1-1 The GLib library of C routines ii libgpm2 1.20.4-3.3 General Purpose Mouse - shared lib ii libslang2 2.2.2-4 The S-Lang programming library - r Versions of packages mc recommends: ii mime-support 3.48-1 MIME files 'mime.types' & 'mailcap Versions of packages mc suggests: pn arj <none> (no description available) ii bzip2 1.0.5-4 high-quality block-sorting file co pn catdvi <none> (no description available) pn dbview <none> (no description available) pn djvulibre-bin <none> (no description available) ii evince [pdf-viewer] 2.30.3-1 Document (postscript, pdf) viewer ii file 5.04-5 Determines file type using "magic" pn gv <none> (no description available) ii imagemagick 8:6.6.0.4-2.2 image manipulation programs pn links | w3m | lynx <none> (no description available) pn odt2txt <none> (no description available) ii perl 5.10.1-14 Larry Wall's Practical Extraction ii python 2.6.5-13 interactive high-level object-orie pn python-boto <none> (no description available) pn python-tz <none> (no description available) ii unzip 6.0-4 De-archiver for .zip files pn zip <none> (no description available) -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org