Daniel Kobras wrote:
On Fri, Jan 27, 2006 at 10:59:34PM +0100, Martin Schulze wrote:
Daniel Kobras wrote:
Gnah. You are correct. I'm extending the list of forbidden characters
by $().
Upstream has reverted the blacklist and instead gone for an improved
version of the symlink
found 345238 4:5.4.4.5-1woody7
found 345238 6:6.0.6.2-2.5
thanks
On Thu, Jan 05, 2006 at 01:49:11PM +0100, Daniel Kobras wrote:
On Fri, Dec 30, 2005 at 02:19:27PM +0100, Florian Weimer wrote:
With some user interaction, this is exploitable through Gnus and
Thunderbird. I think this warrants
Daniel Kobras wrote:
found 345238 4:5.4.4.5-1woody7
found 345238 6:6.0.6.2-2.5
thanks
On Thu, Jan 05, 2006 at 01:49:11PM +0100, Daniel Kobras wrote:
On Fri, Dec 30, 2005 at 02:19:27PM +0100, Florian Weimer wrote:
With some user interaction, this is exploitable through Gnus and
On Fri, Jan 27, 2006 at 10:32:51PM +0100, Martin Schulze wrote:
Daniel Kobras wrote:
On Thu, Jan 05, 2006 at 01:49:11PM +0100, Daniel Kobras wrote:
On Fri, Dec 30, 2005 at 02:19:27PM +0100, Florian Weimer wrote:
With some user interaction, this is exploitable through Gnus and
Daniel Kobras wrote:
Gnah. You are correct. I'm extending the list of forbidden characters
by $().
Upstream has reverted the blacklist and instead gone for an improved
version of the symlink fix I added to ImageMagick in unstable. The patch
is more involved, but also more robust and
On Fri, Jan 27, 2006 at 10:59:34PM +0100, Martin Schulze wrote:
Daniel Kobras wrote:
Gnah. You are correct. I'm extending the list of forbidden characters
by $().
Upstream has reverted the blacklist and instead gone for an improved
version of the symlink fix I added to ImageMagick
On Thu, Jan 05, 2006 at 02:04:39PM +0100, Florian Weimer wrote:
A better fix would be to bypass the shell and invoke the delegate
directly (using fork and execve). If this is not feasible, the file
name should be translated according to this pseudo-code:
I went for an even more simple fix:
tag 345238 + patch
thanks
On Fri, Dec 30, 2005 at 02:19:27PM +0100, Florian Weimer wrote:
With some user interaction, this is exploitable through Gnus and
Thunderbird. I think this warrants increasing the severity to
grave.
Here's the vanilla fix from upstream SVN, stripped off whitespace
* Daniel Kobras:
tag 345238 + patch
thanks
On Fri, Dec 30, 2005 at 02:19:27PM +0100, Florian Weimer wrote:
With some user interaction, this is exploitable through Gnus and
Thunderbird. I think this warrants increasing the severity to
grave.
Here's the vanilla fix from upstream SVN,
retitle 345238 [CVE-2005-4601] Shell command injection in delegate code (via file names)
thanks
This issue has been assigned CVE-2005-4601. Please mention this
identifier in the changelog when fixing this bug.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe.
severity 345238 grave
thanks
With some user interaction, this is exploitable through Gnus and
Thunderbird. I think this warrants increasing the severity to
grave.
Package: imagemagick
Version: 6.2.4.5-0.3
Tags: security
The delegate code in Imagemagick is vulnerable to shell command
injection, using specially crafted file names:
$ cp /usr/lib/openoffice/share/template/en-US/wizard/bitmap/germany.wmf \
' ; echo Hi! 2; : '.gif
$ display ' ; echo Hi! 2; :