Hello everybody, I just uploaded a security update for CVE-2014-0666
I attached the debdiff. It is Wheezy's security update applied to Squeeze. As far as I understand, File::Spec is already a core Perl module in Squeeze, so I do not see any reason why the patch would not work, but I have not actually tested it. I have the announcement email ready for debian-lts-announce. Please let me know if I can send it or if there are issues with this update. Have a nice day, -- Charles Plessy Tsurumi, Kanagawa, Japan
diff -Nru mime-support-3.48/debian/changelog mime-support-3.48/debian/changelog --- mime-support-3.48/debian/changelog 2009-12-09 03:15:25.000000000 +0900 +++ mime-support-3.48/debian/changelog 2014-12-29 19:44:50.000000000 +0900 @@ -1,3 +1,14 @@ +mime-support (3.48-1+deb6u1) squeeze-lts; urgency=high + + [ Salvatore Bonaccorso ] + * CVE-2014-7209: run-mailcap shell command injection. + Thanks to Timothy D. Morgan for the report. + + [ Charles Plessy ] + * DLA-125-1: Applied unmodified Wheezy security patch to Squeeze LTS. + + -- Charles Plessy <[email protected]> Mon, 29 Dec 2014 19:43:31 +0900 + mime-support (3.48-1) unstable; urgency=medium * use only "copiousoutput" rules for "cat" action (closes: 533723) diff -Nru mime-support-3.48/run-mailcap mime-support-3.48/run-mailcap --- mime-support-3.48/run-mailcap 2009-12-09 03:17:18.000000000 +0900 +++ mime-support-3.48/run-mailcap 2014-12-29 19:43:27.000000000 +0900 @@ -9,6 +9,7 @@ # ############################################################################### +use File::Spec; $debug=0; $norun=0; 
@@ -471,27 +472,22 @@ } if ($file ne "-") { - if ($comm =~ m/[^%]%s/) { - if ($file =~ m![^ a-z0-9,.:/@%^+=_-]!i) { - $match =~ m/nametemplate=(.*?)\s*($|;)/; - my $prefix = $1; - my $linked = 0; - while (!$linked) { - $tmplink = TempFile($prefix); - unlink($tmplink); - if ($file =~ m!^/!) { - $linked = symlink($file,$tmplink); - } else { - my $pwd = `/bin/pwd`; - chomp($pwd); - $linked = symlink("$pwd/$file",$tmplink); - } - } - print STDERR " - filename contains shell meta-characters; aliased to '$tmplink'\n" if $debug; - $comm =~ s/([^%])%s/$1$tmplink/g; - } else { - $comm =~ s/([^%])%s/$1$file/g; + # Resolve file name to an absolute path + $file = File::Spec->rel2abs($file); + if ($file =~ m![^ a-z0-9,.:/@%^+=_-]!i) { + $match =~ m/nametemplate=(.*?)\s*($|;)/; + my $prefix = $1; + my $linked = 0; + while (!$linked) { + $tmplink = TempFile($prefix); + unlink($tmplink); + $linked = symlink($file,$tmplink); } + $file = $tmplink; + print STDERR " - filename contains shell meta-characters; aliased to '$tmplink'\n" if $debug; + } + if ($comm =~ m/[^%]%s/) { + $comm =~ s/([^%])%s/$1$file/g; } else { if ($comm =~ m/\|/) { $comm =~ s/\|/<\Q$file\E \|/;
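Review bot: The `while (!$linked)` loop on the new side retries forever when `symlink` keeps failing for a reason other than a name collision (for example an unwritable temporary directory), and the reason in `$!` is never reported. A bounded retry would be safer: declare `my $tries = 0;` before the loop and make `die "run-mailcap: cannot create alias for '$file': $!\n" if ++$tries > 10;` its first statement. Separately, `$prefix` is read from `$1` without checking that the `nametemplate=` match succeeded; `my ($prefix) = $match =~ m/nametemplate=(.*?)\s*($|;)/;` makes the no-match case an explicit undef, though `TempFile` is defined outside this hunk, so its handling of an undefined prefix should be confirmed. The character class also still accepts a space, so a path containing one is substituted into `$comm` without being aliased; whether that is safe depends on the mailcap entry quoting `%s` and on how `$comm` is executed, both outside this hunk. A short comment above the class saying which characters are considered shell-safe, and why, would help the next reader.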
