Viewing all changes in revision 17.
- Committer: Package Import Robot
- Date: 2014-12-28 14:45:59 UTC
- Revision ID: package-import@ubuntu.com-20141228144559-vl4yn2vm1f7wglgx
CVE-2014-7209: run-mailcap shell command injection.
Thanks to Timothy D. Morgan for the report.
d156797 Escape file name also when not passed through %s. This
avoids command injections using for instance semicolons.
b585022 Resolve file name to an absolute path to avoid injection of
command arguments with file names starting with dashes etc.
Use File::Spec to avoid race conditions with temporary files.
Thanks, Salvatore Bonaccorso for the patch.
Thanks to Timothy D. Morgan for the report.
d156797 Escape file name also when not passed through %s. This
avoids command injections using for instance semicolons.
b585022 Resolve file name to an absolute path to avoid injection of
command arguments with file names starting with dashes etc.
Use File::Spec to avoid race conditions with temporary files.
Thanks, Salvatore Bonaccorso for the patch.
- files modified:
- debian/changelog
expand all
collapse all
added
removed
