[Bug 1961600] Re: "open" command crashes when filename as space in it
Okay, good. Thanks for looking into it. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961600 Title: "open" command crashes when filename as space in it To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mailcap/+bug/1961600/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1961600] Re: "open" command crashes when filename as space in it
Hi Marc, Thanks for the reply. I'll update when Ubuntu 22.04 LTS arrives. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961600 Title: "open" command crashes when filename as space in it To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mailcap/+bug/1961600/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1961600] Re: "open" command crashes when filename as space in it
So it looks like this was an issue in the Debian package 3.68, which was later corrected in 3.69: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982060 The 3.68 package did make it's way to Ubuntu 21.04. Ubuntu 21.04 is no longer supported since January 20th 2022: https://lists.ubuntu.com/archives/ubuntu-security- announce/2022-January/006363.html I suggest updating to a currently supported Ubuntu release to fix your issue. Thanks! ** Bug watch added: Debian Bug tracker #982060 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982060 ** Changed in: mailcap (Ubuntu) Status: Incomplete => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961600 Title: "open" command crashes when filename as space in it To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mailcap/+bug/1961600/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1961600] Re: "open" command crashes when filename as space in it
Hi, Thanks for reporting this issue, but I don't know where you got your run-mailcap file from, as the one currently provided by Ubuntu has this: if (decode(langinfo(CODESET()), $file) =~ m![^[:alnum:],.:/@%^+=_-]!i) { The extra "and $0 !~ "open")" isn't present in official packages. Please let us know where you got that run-mailcap file from. Thanks! ** Changed in: mailcap (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961600 Title: "open" command crashes when filename as space in it To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mailcap/+bug/1961600/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1961600] Re: "open" command crashes when filename as space in it
** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961600 Title: "open" command crashes when filename as space in it To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mailcap/+bug/1961600/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1961600] Re: "open" command crashes when filename as space in it
As the original author of the run-mailcap program, this hack to bypass the check for shell meta-characters when called as "open" is DANGEROUS! It allows the execution of arbitrary commands on a victim's computer with a specially crafted filename if there is an mailcap entry with an improperly quoted "%s" (and let's face it -- there is no proper quoting that will handle all cases). It was such an entry (in qpdfview) that led to the discovery of this problem. I suspect this extra condition was added at a time when the mailcap package was missing a dependency on the package providing bin/mktemp, something I believe has been fixed. The upstream Debian package does not have this extra condition. https://salsa.debian.org/debian/mailcap/-/blob/master/run-mailcap#L480 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961600 Title: "open" command crashes when filename as space in it To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mailcap/+bug/1961600/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs