Your message dated Sat, 02 Jul 2022 00:22:28 +0000
with message-id <e1o7qu4-0009hm...@fasolo.debian.org>
and subject line Bug#987404: fixed in libgsm 1.0.19-3
has caused the Debian Bug report #987404,
regarding libgsm-tools has mailcap entries with quoted %-escapes
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
987404: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987404
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libgsm-tools
Version: 1.0.18-2
Tags: patch, security

Dear Maintainer,
the libgsm-tools package has mailcap entries with quoted %-escapes. That is 
considered unsafe. Proper escaping should be left to the programs using the 
entry.

This Lintian tag is triggered:
https://lintian.debian.org/tags/quoted-placeholder-in-mailcap-entry.html

See also grave bug #930908, which was recently closed because "a Lintian test 
already exists":
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930908

I'm using the "security" tag because the affected rules in combination with 
certain mail user agents (or document openers) are the cause of a shell command 
injection vulnerability.

If you need more information let me know.

Thanks,
MNZ
diff -ru a/debian/libgsm-tools.mime b/debian/libgsm-tools.mime
--- a/debian/libgsm-tools.mime	2018-12-31 23:57:12.000000000 +0100
+++ b/debian/libgsm-tools.mime	2021-04-23 11:09:59.978323696 +0200
@@ -1 +1 @@
-audio/x-gsm; /usr/bin/toast -dcs '%s' > /dev/audio ; description=GSM Audio
+audio/x-gsm; /usr/bin/toast -dcs %s > /dev/audio ; description=GSM Audio
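Review bot: With the quotes dropped on the "+" line, %s is only safe if the program expanding the entry escapes the file name itself, and nothing in the patch records that assumption. The diff touches only debian/libgsm-tools.mime; consider adding a debian/changelog entry that names the quoted-placeholder-in-mailcap-entry Lintian tag and closes #987404, so the reason for removing the quotes stays documented with the package.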

--- End Message ---
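Added example (not part of the bug report or of the libgsm packaging): a Python check for the condition the report describes, a %-escape placed inside quotes in a mailcap entry, together with a test of whether a file name still reaches the shell as one word. The function names, the sample file name, and the use of `shlex.quote` as the consumer's escaping are assumptions made for illustration.

```python
import re
import shlex

# The two mailcap lines from the patch in this report, embedded as sample input.
BEFORE = "audio/x-gsm; /usr/bin/toast -dcs '%s' > /dev/audio ; description=GSM Audio"
AFTER = "audio/x-gsm; /usr/bin/toast -dcs %s > /dev/audio ; description=GSM Audio"
PLACEHOLDER = re.compile(r"%[st]|%\{[^}]*\}")  # %s, %t, %{param} (RFC 1524)


def fields(entry):
    """Split an entry on ';' (a mailcap-level '\\;' stays in its field)."""
    return [f.strip() for f in re.split(r"(?<!\\);", entry)]


def quoted_placeholders(entry):
    """Return (field, placeholder) for each placeholder found inside quotes."""
    hits = []
    for field in fields(entry)[1:]:  # skip the content-type field
        quote, i = None, 0  # quote: the quote character currently open
        while i < len(field):
            m = PLACEHOLDER.match(field, i)
            if field[i] == "\\":  # mailcap escape: skip the next character
                i += 2
            elif m:
                if quote:
                    hits.append((field, m.group()))
                i = m.end()
            else:
                if quote is None and field[i] in "'\"":
                    quote = field[i]
                elif field[i] == quote:
                    quote = None
                i += 1
    return hits


def expand(entry, filename):
    """Expand %s as an assumed consumer would: shell-quote the file name."""
    return fields(entry)[1].replace("%s", shlex.quote(filename))


def filename_survives(entry, filename):
    """True if shell word-splitting yields the file name as one intact word."""
    try:
        return filename in shlex.split(expand(entry, filename))
    except ValueError:  # quotes no longer balance after expansion
        return False
```

With the quoted entry, the consumer's own quoting and the entry's quotes cancel each other for any file name containing an apostrophe, which is why the Lintian tag asks for the bare placeholder.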
--- Begin Message ---
Source: libgsm
Source-Version: 1.0.19-3
Done: Thorsten Alteholz <deb...@alteholz.de>

We believe that the bug you reported is fixed in the latest version of
libgsm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 987...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <deb...@alteholz.de> (supplier of updated libgsm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 01 Jul 2022 22:03:02 +0200
Source: libgsm
Architecture: source
Version: 1.0.19-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Mobcom Maintainers <debian-mobcom-maintain...@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <deb...@alteholz.de>
Closes: 987404 1009975
Changes:
 libgsm (1.0.19-3) unstable; urgency=medium
 .
   * adopt package (Closes: #1009975)
   * debian/control: move maintenance to the mobcom team
   * debian/control: bump Standards-Version to 4.6.1
   * debian/control: use VCS URLs from the mobcom team
   * Thanks to Marriott NZ <marriot...@gmx.com> for the report about the
     quotes in the mailcap entry. This was already fixed in 1.0.19-1.
     (Closes: #987404)


--- End Message ---
