found 603545 6.17.02-3 thanks On 15/11/10 at 03:39 -0500, Andrew Seniuk wrote: > Package: tcsh > Version: 6.17.02 > > Hello, this is my first real bug report ever. I'm sorry if I make > a mess of it. I tried to use reportbug, but it crashed when I > submitted my report. > > The tcsh bug: If there are two files, such as "z" and "zz", in > the current directory, then zz* expands to both files. > > This can cause unexpected data loss when for instance copying or > moving files. It could also destabilise the system if the system > ran tcsh scripts. Possibly there could be security vulnerabilities. > > The version I am using to produce the bug is 6.17.02 (from sid). > I compiled version 6.17.00 of tcsh from source obtained through > www.tcsh.org and the bug is not there manifest. (zz* expands to > only zz.)
I confirm the problem on squeeze, too. > I was expecting the tcsh.org version number to be higher? I suppose > I didn't find the development repo, but the bug exists on the > Debian 6.17.02 version in any case. 6.17.02 was a development release. At the time, it sounded like a good idea to package it in Debian, because it was fixing several Debian bugs, and was supposed to be followed by a final release soon. But the final release didn't happen, and apparently, some interesting bugs like this one crept in. I won't work on this bug (tcsh is orphaned, and I'm too busy currently). When someone attacks it, I'd recommend also looking at the other Debian+Ubuntu bug reports for tcsh: I think I remember seeing other nasty bugs affecting that version. Also, the git repository is a good start to see what changed between 6.17.00 and 6.17.02. - Lucas -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org