On Fri, 26 Jan 2024 22:45:28 +0100 Jakub Wilk wrote:
> Control: found -1 1.6.2+dfsg-2
>
> The fix is insufficient. To reproduce, try converting the file created
> by this command:
>
> touch '`cowsay pwned >&2; sleep inf`.mp3'
>
I'm now escaping backticks. This fixes the issue with above file.
Control: found -1 1.6.2+dfsg-2
The fix is insufficient. To reproduce, try converting the file created
by this command:
touch '`cowsay pwned >&2; sleep inf`.mp3'
Single-quoted strings are better suited for shell-escaping, because the
only character to care of is the single quote itself.
Package: winff
Version: 1.5.5-9
Tags: security
WinFF doesn't correctly escape filenames that it passes to shell. If the
user is tricked to convert files with malicious names, this could result
in execution of arbitrary code.
To reproduce, try converting the file created by this command:
3 matches
Mail list logo
