Your message dated Sat, 13 Apr 2024 08:36:03 +0000 with message-id <e1rvyrj-003ga9...@fasolo.debian.org> and subject line Bug#987406: fixed in planner 0.14.92-1 has caused the Debian Bug report #987406, regarding planner has mailcap entries with quoted %-escapes to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 987406: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987406 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: planner Version: 0.14.6-9 Tags: patch, security Dear Maintainer, the planner package has mailcap entries with quoted %-escapes. That is considered unsafe. Proper escaping should be left to the programs using the entry. This Lintian tag is triggered: https://lintian.debian.org/tags/quoted-placeholder-in-mailcap-entry.html See also grave bug #930908, which was recently closed because "a Lintian test already exists": https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930908 I'm using the "security" tag because the affected rules in combination with certain mail user agents (or document openers) are the cause of a shell command injection vulnerability. If you need more information let me know. Thanks, MNZdiff -ru a/debian/planner.mime b/debian/planner.mime --- a/debian/planner.mime 2013-04-09 09:17:18.000000000 +0200 +++ b/debian/planner.mime 2021-04-23 11:10:50.218473457 +0200 @@ -1 +1 @@ -application/x-planner; planner '%s'; edit=planner '%s'; description="Planner document"; test=test "$DISPLAY" != ""; nametemplate=%s.planner +application/x-planner; planner %s; edit=planner %s; description="Planner document"; test=test "$DISPLAY" != ""; nametemplate=%s.planner
--- End Message ---
--- Begin Message ---Source: planner Source-Version: 0.14.92-1 Done: Shriram Ravindranathan <s...@ters.dev> We believe that the bug you reported is fixed in the latest version of planner, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 987...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Shriram Ravindranathan <s...@ters.dev> (supplier of updated planner package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 28 Feb 2024 14:18:28 +0000 Source: planner Architecture: source Version: 0.14.92-1 Distribution: unstable Urgency: medium Maintainer: Shriram Ravindranathan <s...@ters.dev> Changed-By: Shriram Ravindranathan <s...@ters.dev> Closes: 892919 987406 1062785 Changes: planner (0.14.92-1) unstable; urgency=medium . * New upstream version 0.14.92 * New Maintainer (Closes: #892919) * d/control: - Bump Standards-Version to 4.6.2 - Bump debhelper-compat version to 13 - Add new maintainer's name to maintainer field - Add VCS information * d/copyright: - Change source url to use https - Add new authors' copyright details - Update copyright years - Add new maintainer to copyright field - Add Upstream-Contact details * d/watch: - Bump watch version to 4 * Add d/upstream/metadata * Add libplanner-*.so symlink to not-installed * Add usr/share/GConf to planner-data.install * Add planner.lintian-overrides (unnecessary ldconfig activation) * Add planner-data.lintian-overrides (missing desktop command) . [Helmut Grohne] * d/rules: Fix FTCBFS, skip gtkdoc in arch-only build (Closes: #1062785) . [Marriott NZ] * d/planner.mime: Remove quoted placeholder from mailcap entry. Fixes lintian warning (Closes: #987406) Checksums-Sha1: 20c20632aa72b5006d2f26c31a1af3810f5be313 1945 planner_0.14.92-1.dsc 63be450ae11ee15c03b04e20bea5305089f0c33a 3888436 planner_0.14.92.orig.tar.xz c7abfa3ea5aaa54d6ee85744dc446a09af47a5ea 13292 planner_0.14.92-1.debian.tar.xz 383da805d3dc2733bd5c41f0edad1f968112793b 15284 planner_0.14.92-1_source.buildinfo Checksums-Sha256: 93201d945a47bbca2b70c8ac13fd204d0525974c5a6553e9f101b4c232cd1f7f 1945 planner_0.14.92-1.dsc fda2a7ef5db69d746fb7f3f164d060e042dd400e537ac0e535e932e369d0d833 3888436 planner_0.14.92.orig.tar.xz 2731072f971e7cebd70f31c62ada7a08a9c06fdc899f6bbe57740b366dde2807 13292 planner_0.14.92-1.debian.tar.xz ceb2b738dc40a236849d9f15ce71df327ff4e751cf04bc5fa6aad67c0f3f8c55 15284 planner_0.14.92-1_source.buildinfo Files: 5c6cc54e104a3119b67df0baa9eab072 1945 gnome optional planner_0.14.92-1.dsc 6da4c5b199bb269ab0bba3157b8cd9d0 3888436 gnome optional planner_0.14.92.orig.tar.xz 986db93e0c6c9db2ac83ed4cf5cbe02f 13292 gnome optional planner_0.14.92-1.debian.tar.xz 757d89655ba47ee9c6746933ff29bf1b 15284 gnome optional planner_0.14.92-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQHEBAEBCgAuFiEEQGIgyLhVKAI3jM5BH1x6i0VWQxQFAmYaP/YQHGJhZ2VAZGVi aWFuLm9yZwAKCRAfXHqLRVZDFM4MDACyZWyoAqtyLRUT1WuDTSLGU9AvKd3+IVxG mLgriD981l1FOqx19o4vJXNrB1v8Ncrg1sKiIvwaFXvnPbnpYO1SbQRuasxi+qUL wyiUF9XvW1zWn5UZ3OrJunWMYAvO7Dc29JEUXA2t+R5YwfB/ErfFJX1mFtbVirJF kgJIlXYMa99fGJvbL2MBr48FOMruAa87GdW+t4osmIZ7qx26MZYY3tVouQsBV5fC BLMibsj9cCi9tVbx9svkiGV61ye7lgN+lWh7WqW42RiwffPu+QD639LJYlZ85Izg WoTxHA4hWN1IQKj7brhtFeLI7I42wGnqZEBZb89FI9aYQAIGFnZx7nnUTsHsBVPo MKf63SoBxVdoe8h+zpDJP7llwWP+3C0CHy9Tpm2RJDhyur9mRJmuft6aUxrpL7zT G7xzYAFlgNGEgkJAlb5E5oDN7lrt5bM6bDSkDaHz9Buqg9w1IomwTDFrLpk3CkXW 2MZ3PjtM771dWyBUjmzFWaScL2s5TDY= =bgN5 -----END PGP SIGNATURE-----pgp12RFOijknJ.pgp
Description: PGP signature
--- End Message ---