Package: ttyrec
Version: 1.0.8-5.1
Tags: patch, security

Dear Maintainer,
the ttyrec package has mailcap entries with quoted %-escapes. That is 
considered unsafe. Proper escaping should be left to the programs using the 
entry.

This Lintian tag is triggered:
https://lintian.debian.org/tags/quoted-placeholder-in-mailcap-entry.html

See also grave bug #930908, which was recently closed because "a Lintian test 
already exists":
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930908

I'm using the "security" tag because the affected rules in combination with 
certain mail user agents (or document openers) are the cause of a shell command 
injection vulnerability.

If you need more information let me know.

Thanks,
MNZ
diff -ru a/debian/mime b/debian/mime
--- a/debian/mime	2020-04-06 19:36:27.000000000 +0200
+++ b/debian/mime	2021-04-23 11:11:23.179413190 +0200
@@ -1 +1 @@
-application/x-ttyrec; /usr/bin/ttyplay '%s'; needsterminal; description=tty record file; nametemplate=%s.tty; priority=5;
+application/x-ttyrec; /usr/bin/ttyplay %s; needsterminal; description=tty record file; nametemplate=%s.tty; priority=5;

Reply via email to