Bug#542331: debbugs: Sends corrupt email messages

[Ben Finney]

X-Loop
ow...@bugs.debian.org: Resent-Date: Wed, 19 Aug 2009 04:39:03 +0000
Resent-Message-ID: <handler.542331.b.125065627521...@bugs.debian.org>
Resent-Sender: ow...@bugs.debian.org
X-Debian-PR-Message: report 542331
X-Debian-PR-Package: debbugs
X-Debian-PR-Keywords: 
X-Debian-PR-Source: debbugs
Received: via spool by sub...@bugs.debian.org id=B.125065627521322
          (code B ref -1); Wed, 19 Aug 2009 04:39:03 +0000
Received: (at submit) by bugs.debian.org; 19 Aug 2009 04:31:15 +0000
X-Spam-Checker-Version: SpamAssassin 3.2.3-bugs.debian.org_2005_01_02
        (2007-08-08) on rietz.debian.org
X-Spam-Level: 
X-Spam-Bayes: score:0.0000 Tokens: new, 21; hammy, 151; neutral, 480; spammy,
        0. spammytokens: hammytokens:0.000-+--H*u:1.5.20, 0.000-+--H*UA:1.5.20,
        0.000-+--H*u:2009-06-14, 0.000-+--H*UA:2009-06-14, 0.000-+--v149
X-Spam-Status: No, score=-10.3 required=4.0 tests=AWL,BAYES_00,FOURLA,
        FVGT_m_MULTI_ODD,HAS_PACKAGE,MURPHY_DRUGS_REL8,MURPHY_WRONG_WORD1,
        MURPHY_WRONG_WORD2,PGPSIGNATURE,SPF_PASS autolearn=ham
        version=3.2.3-bugs.debian.org_2005_01_02
Received: from eth595.vic.adsl.internode.on.net ([150.101.214.82] 
helo=mail.benfinney.id.au)
        by rietz.debian.org with esmtp (Exim 4.63)
        (envelope-from <b...@benfinney.id.au>)
        id 1Mdclv-00051d-Ka
        for sub...@bugs.debian.org; Wed, 19 Aug 2009 04:27:40 +0000
Received: by mail.benfinney.id.au (Postfix, from userid 1000)
        id 02BC4E857F; Wed, 19 Aug 2009 14:27:36 +1000 (EST)
Date: Wed, 19 Aug 2009 14:27:36 +1000
From: Ben Finney <b...@benfinney.id.au>
To: sub...@bugs.debian.org
Message-ID: <20090819042736.ga22...@benfinney.id.au>
Mail-Followup-To: Ben Finney <b...@benfinney.id.au>, sub...@bugs.debian.org
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
        protocol="application/pgp-signature"; boundary="GRPZ8SYKNexpdSJ7"
Content-Disposition: inline
X-Public-Key-ID: 0xBD41714B
X-Public-Key-Fingerprint: 9CFE 12B0 791A 4267 887F  520C B7AC 2E51 BD41 714B
X-Public-Key-URL: http://www.benfinney.id.au/contact/bfinney-gpg.asc
User-Agent: Mutt/1.5.20 (2009-06-14)
Delivered-To: sub...@bugs.debian.org


--GRPZ8SYKNexpdSJ7
Content-Type: multipart/mixed; boundary="Qxx1br4bt0+wmkIi"
Content-Disposition: inline


--Qxx1br4bt0+wmkIi
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: debbugs

Howdy,

In response to Bug#542329 <URL:http://bugs.debian.org/542329>, the BTS
sent two messages to me (as the maintainer for the package against
which the bug is reported). Those messages are corrupted; their header
was missing some fields, including common ones like =E2=80=98To=E2=80=99, =
=E2=80=98From=E2=80=99, and
=E2=80=98Date=E2=80=99.

I have attached an example of the corrupted message to this report.

When I request the report's mbox via =E2=80=98bts --mbox show 542329=E2=80=
=99, it too
is missing many fields on each message.

--=20
 \            =E2=80=9CIf you continue running Windows, your system may bec=
ome |
  `\        unstable.=E2=80=9D =E2=80=94Microsoft, Windows 95 bluescreen er=
ror message |
_o__)                                                                  |
Ben Finney <b...@benfinney.id.au>

--Qxx1br4bt0+wmkIi
Content-Type: message/rfc822
Content-Disposition: inline

Return-Path: <debb...@rietz.debian.org>
X-Original-To: ben+deb...@benfinney.id.au
Delivered-To: bignose+deb...@local.whitetree.org
Received: from rietz.debian.org (rietz.debian.org [140.211.166.43])
        by mail.benfinney.id.au (Postfix) with ESMTP id 840E0E80D3
        for <ben+deb...@benfinney.id.au>; Wed, 19 Aug 2009 13:46:03 +1000 (EST)
Received: from debbugs by rietz.debian.org with local (Exim 4.63)
        (envelope-from <debb...@rietz.debian.org>)
        id 1Mdc6k-0004kH-QC; Wed, 19 Aug 2009 03:45:06 +0000
X-Loop: ow...@bugs.debian.org
Subject: Bug#542329: burn: Quotation marks in filenames aren't handled properly.
Reply-To: Philipp Weis <pw...@pweis.com>, 542...@bugs.debian.org
Resent-From: Philipp Weis <pw...@pweis.com>
Resent-To: debian-bugs-d...@lists.debian.org
Resent-CC: t...@security.debian.org, 
secure-testing-t...@lists.alioth.debian.org, Ben Finney 
<ben+deb...@benfinney.id.au>
Resent-Message-Id: <e1mdc6k-0004kh...@rietz.debian.org>
Resent-Sender: Debian BTS <debb...@rietz.debian.org>
Resent-Date: Wed, 19 Aug 2009 03:45:06 +0000
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000220, version=1.2.0

X-Loop
ow...@bugs.debian.org: Resent-Date: Wed, 19 Aug 2009 03:45:02 +0000
Resent-Message-ID: <handler.542329.b.125065338117...@bugs.debian.org>
Resent-Sender: ow...@bugs.debian.org
X-Debian-PR-Message: report 542329
X-Debian-PR-Package: burn
X-Debian-PR-Keywords: security
X-Debian-PR-Source: burn
Received: via spool by sub...@bugs.debian.org id=B.125065338117423
          (code B ref -1); Wed, 19 Aug 2009 03:45:02 +0000
Received: (at submit) by bugs.debian.org; 19 Aug 2009 03:43:01 +0000
X-Spam-Checker-Version: SpamAssassin 3.2.3-bugs.debian.org_2005_01_02
        (2007-08-08) on rietz.debian.org
X-Spam-Level: 
X-Spam-Bayes: score:0.0000 Tokens: new, 45; hammy, 150; neutral, 110; spammy,
        1. spammytokens:0.995-1--quotation hammytokens:0.000-+--H*u:1.5.20,
        0.000-+--H*UA:1.5.20, 0.000-+--H*u:2009-06-14, 0.000-+--H*UA:2009-06-14,
        0.000-+--Severity
X-Spam-Status: No, score=-11.9 required=4.0 tests=BAYES_00,FOURLA,HAS_PACKAGE,
        MURPHY_DRUGS_REL8,UNPARSEABLE_RELAY,X_DEBBUGS_CC autolearn=ham
        version=3.2.3-bugs.debian.org_2005_01_02
Received: from arthur2.pweis.com ([87.106.5.233])
        by rietz.debian.org with esmtp (Exim 4.63)
        (envelope-from <pw...@pweis.com>)
        id 1Mdc4j-0004WL-8R
        for sub...@bugs.debian.org; Wed, 19 Aug 2009 03:43:01 +0000
Received: from zaphod (authenticated)
        by s15342663.onlinehome-server.info with esmtps (Exim 4.63 #1 (Debian))
        id 1Mdc4h-0006IQ-7k
        for <sub...@bugs.debian.org>; Wed, 19 Aug 2009 03:42:59 +0000
Received: from pweis by zaphod with local (Exim 4.69 #1 (Debian))
        id 1Mdc4f-00039s-00
        for <sub...@bugs.debian.org>; Tue, 18 Aug 2009 23:42:57 -0400
Date: Tue, 18 Aug 2009 23:42:56 -0400
From: Philipp Weis <pw...@pweis.com>
To: Debian Bug Tracking System <sub...@bugs.debian.org>
Message-ID: <20090819034256.ga12...@zaphod.pweis.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="fUYQa+Pmc3FrFX/N"
Content-Disposition: inline
X-Reportbug-Version: 4.6
User-Agent: Mutt/1.5.20 (2009-06-14)
Delivered-To: sub...@bugs.debian.org


--fUYQa+Pmc3FrFX/N
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: burn
Version: 0.4.4-1
Severity: normal
Tags: security

Hey there,

I just discovered that burn has trouble with quotation marks in file
names, and on a closer inspection it seems as if this actually has
security implications. I attached a tiny patch that fixes three of the
quotation problems, but there seem to be more issues like this in the
code, and I don't have the time right now to look closely at all of
them.

For a demonstration of the problem, create a valid ogg file and name
it

  " | date #".ogg

Then run burn -A -a *.ogg, and burn will happily print the current
date.

Philipp


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (600, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30 (SMP w/2 CPU cores)
Locale: LANG=3Den_US.UTF-8, LC_CTYPE=3Den_US.UTF-8 (charmap=3DUTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages burn depends on:
ii  cdrdao                      1:1.2.2-17   records CDs in Disk-At-Once (D=
AO)=20
ii  genisoimage                 9:1.1.9-1    Creates ISO-9660 CD-ROM filesy=
stem
ii  mpg321                      0.2.10.6     mpg123 clone that doesn't use =
floa
ii  python                      2.5.4-2      An interactive high-level obje=
ct-o
ii  python-eyed3                0.6.17-1     Python module for id3-tags man=
ipul
ii  python-pyao                 0.82-2.1     A Python interface to the Audi=
o Ou
ii  python-pymad                0.5.4-3.2+b1 Python wrapper to the MPEG Aud=
io D
ii  python-pyvorbis             1.4-2        Python interface to the Ogg Vo=
rbis
ii  python-support              1.0.3        automated rebuilding support f=
or P
ii  wodim                       9:1.1.9-1    command line CD/DVD writing to=
ol

burn recommends no packages.

burn suggests no packages.

-- no debconf information

-- debsums errors found:
debsums: checksum mismatch burn file /usr/share/pyshared/burnlib/burn.py

--=20
Philipp Weis

--fUYQa+Pmc3FrFX/N
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqLdMAACgkQzxf2HvbDMknPDgCgkBP0iGJzSmiYJIQgCiG4kHUN
YW0AnRee8Wcd2KmFcmpiapY5fmCzTRrH
=N8r8
-----END PGP SIGNATURE-----

--fUYQa+Pmc3FrFX/N--



--Qxx1br4bt0+wmkIi--

--GRPZ8SYKNexpdSJ7
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEAREIAAYFAkqLfzgACgkQIiYF7H0aG3lykACgujVpyaChlUD1pxG8iFsaO62i
C1IAoJ26rkgMZl0D3jnl1pesNzoqILkH
=8l6G
-----END PGP SIGNATURE-----

--GRPZ8SYKNexpdSJ7--



-- 
To UNSUBSCRIBE, email to debian-debbugs-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org