shell command execution
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
mozilla-thunderbird (Debian) | Fix Released | Unknown | |
mozilla-thunderbird (Ubuntu) | Fix Released | High | Adam Conrad |
Bug Description
Automatically imported from Debian bug report #329664 http://
Debian Bug Importer (debzilla) wrote : | #1 |
Debian Bug Importer (debzilla) wrote : | #2 |
Message-id: <email address hidden>
Date: Thu, 22 Sep 2005 16:53:02 +0200
From: Sebastian Ley <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: shell command execution
Package: mozilla-thunderbird
Severity: grave
Tags: security
Secunia reports in http://
can be exploited to execute arbitrary shell commands in the context of
the user running thunderbird.
This bug has been assigned CAN-2005-2968.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=
In Debian Bug tracker #329664, Y Giridhar Appaji Nag (debian-appaji) wrote : Re: Bug#329667: mozilla-thunderbird --compose executes shell commands | #3 |
merge 329664 329667
thanks
On 05/09/22 17:27 +0200, Florian Weimer said ...
> Package: mozilla-thunderbird
> Version: 1.0.6-3
> Severity: grave
> Tags: security
>
> The --compose option executes shell commands:
>
> mozilla-thunderbird --compose 'mailto:`df`'
>
> The df output appears in the To: line of the message.
>
> (This is related to the recently disclosed Firefox bug, which does not
> seem to affect Debian thanks to a different wrapper script.)
--
Y Giridhar Appaji Nag | http://
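The class of bug reported above, as an added example that is not part of the original report or of the Debian package: a hypothetical wrapper (`launch_unsafe`) that rebuilds its command line as a string and re-evaluates it, beside one (`launch_safe`) that forwards `"$@"` untouched. The real start script's contents are not shown on this page, so the `eval` mechanism and the names `fake_client`, `launch_unsafe` and `launch_safe` are assumptions for illustration.

```shell
#!/bin/sh
# Added illustration; fake_client, launch_unsafe and launch_safe are
# hypothetical names, not code from the mozilla-thunderbird package.

# Stand-in for the real binary: prints each argument it receives in brackets,
# so the argument boundaries and contents are visible.
fake_client() {
    for arg in "$@"; do
        printf '[%s]' "$arg"
    done
    printf '\n'
}

# Vulnerable pattern (assumed): flatten the arguments into one string and let
# the shell parse that string again. Inside the re-parsed double quotes,
# `...` and $(...) are command substitutions, so argument data runs as code.
launch_unsafe() {
    cmd="fake_client"
    for arg in "$@"; do
        cmd="$cmd \"$arg\""
    done
    eval "$cmd"
}

# Hardened pattern: "$@" hands every argument to the program unchanged,
# one word per argument, with no second round of shell parsing.
launch_safe() {
    fake_client "$@"
}

# Constructed input modelled on the report, with a harmless echo as marker.
sample='mailto:`echo EXECUTED`'
echo "unsafe: $(launch_unsafe --compose "$sample")"
echo "safe:   $(launch_safe --compose "$sample")"
```

Adding quotes or escaping inside the rebuilt string does not repair `launch_unsafe`; the fix is to avoid the second parse altogether.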
Debian Bug Importer (debzilla) wrote : | #4 |
Message-ID: <email address hidden>
Date: Fri, 23 Sep 2005 15:41:02 +0530
From: Y Giridhar Appaji Nag <email address hidden>
To: Florian Weimer <email address hidden>, <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#329667: mozilla-thunderbird --compose executes shell commands
Debian Bug Importer (debzilla) wrote : | #5 |
*** Bug 22261 has been marked as a duplicate of this bug. ***
In Debian Bug tracker #329664, Alexander Sack (asac) wrote : setting pending upload | #6 |
tags 329664 + pending
tags 329667 + pending
tags 325536 + pending
tags 292475 + pending
thanks
I will wait one or two more days, because mozilla is about to release
1.0.7 which addresses several security issues.
Setting pending, because the 1.0.6 package is ready here.
- Alexander
p.s. please take care that the bug is listed as To: or CC: when
replying to this mail (e.g. /reply-all/).
--
GPG messages preferred. | .''`. ** Debian GNU/Linux **
Alexander Sack | : :' : The universal
<email address hidden> | `. `' Operating System
http://
Debian Bug Importer (debzilla) wrote : | #7 |
Message-ID: <email address hidden>
Date: Mon, 26 Sep 2005 12:21:53 +0200
From: Alexander Sack - Debian Bugmail <email address hidden>
To: <email address hidden>
Cc: <email address hidden>, <email address hidden>, <email address hidden>,
<email address hidden>
Subject: setting pending upload
In Debian Bug tracker #329664, Alexander Sack (asac) wrote : Bug#329667: fixed in mozilla-thunderbird 1.0.6-4 | #8 |
Source: mozilla-thunderbird
Source-Version: 1.0.6-4
We believe that the bug you reported is fixed in the latest version of
mozilla-
mozilla-
to pool/main/
mozilla-
to pool/main/
mozilla-
to pool/main/
mozilla-
to pool/main/
mozilla-
to pool/main/
mozilla-
to pool/main/
mozilla-
to pool/main/
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alexander Sack <email address hidden> (supplier of updated mozilla-thunderbird package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 23 Sep 2005 17:00:00 +0100
Source: mozilla-thunderbird
Binary: mozilla-
Architecture: source i386
Version: 1.0.6-4
Distribution: unstable
Urgency: high
Maintainer: Alexander Sack <email address hidden>
Changed-By: Alexander Sack <email address hidden>
Description:
mozilla-
mozilla-
mozilla-
mozilla-
mozilla-
Closes: 292475 325536 329664 329667 330168
Changes:
mozilla-
.
* now using bash to overcome possible security flaws of
our thunderbird start script (mozilla-
by Florian Weimer <email address hidden>
debian/
* added patch 50_ftbfs_
to build on alpha, arm, and ia64 that now uses
__
Steve Langasek <email address hidden>
(Closes: 325536)
* fix debsums error reported by Y Giridhar Appaji Nag
<email address hidden>. Now removing files in postrm.
Further moved /usr/lib/
to the ...
In Debian Bug tracker #329664, Alexander Sack (asac) wrote : Bug#329664: fixed in mozilla-thunderbird 1.0.6-4 | #9 |
Debian Bug Importer (debzilla) wrote : | #10 |
Message-Id: <email address hidden>
Date: Thu, 29 Sep 2005 06:32:14 -0700
From: Alexander Sack <email address hidden>
To: <email address hidden>
Subject: Bug#329664: fixed in mozilla-thunderbird 1.0.6-4
Debian Bug Importer (debzilla) wrote : | #11 |
Message-Id: <email address hidden>
Date: Thu, 29 Sep 2005 06:32:14 -0700
From: Alexander Sack <email address hidden>
To: <email address hidden>
Subject: Bug#329667: fixed in mozilla-thunderbird 1.0.6-4
Adam Conrad (adconrad) wrote : | #12 |
This was fixed in all releases with the various 1.0.7 uploads.
In Debian Bug tracker #329664, Alexander Sack (asac) wrote : Bug#329664: fixed in mozilla-thunderbird 1.0.2-2.sarge1.0.7 | #13 |
Source: mozilla-thunderbird
Source-Version: 1.0.2-2.sarge1.0.7
We believe that the bug you reported is fixed in the latest version of
mozilla-
mozilla-
to pool/main/
mozilla-
to pool/main/
mozilla-
to pool/main/
mozilla-
to pool/main/
mozilla-
to pool/main/
mozilla-
to pool/main/
mozilla-
to pool/main/
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alexander Sack <email address hidden> (supplier of updated mozilla-thunderbird package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 1 Oct 2005 11:00:00 +0100
Source: mozilla-thunderbird
Binary: mozilla-
Architecture: source i386
Version: 1.0.2-2.sarge1.0.7
Distribution: stable-security
Urgency: critical
Maintainer: Alexander Sack <email address hidden>
Changed-By: Alexander Sack <email address hidden>
Description:
mozilla-
mozilla-
mozilla-
mozilla-
mozilla-
Closes: 329664 329664
Changes:
mozilla-
.
* following issues are addressed with patches in
debian/
patch: debian/
.
* MFSA-2005-57: IDN heap overrun
Summary: Tom Ferris reported a Firefox crash when processing a domain
name consisting solely of soft-hyphen characters.
Closes: -
CVE-Ids: CAN-2005-2871
Bugzilla: 307259
Issues addressed:
+ CAN-2005-2871 ...
Debian Bug Importer (debzilla) wrote : | #14 |
Message-Id: <email address hidden>
Date: Sat, 12 Nov 2005 01:03:49 -0800
From: Alexander Sack <email address hidden>
To: <email address hidden>
Subject: Bug#329664: fixed in mozilla-thunderbird 1.0.2-2.sarge1.0.7
In Debian Bug tracker #329664, Alexander Sack (asac) wrote : | #15 |
Debian Bug Importer (debzilla) wrote : | #16 |
Message-Id: <email address hidden>
Date: Fri, 16 Dec 2005 21:34:54 -0800
From: Alexander Sack <email address hidden>
To: <email address hidden>
Subject: Bug#329664: fixed in mozilla-thunderbird 1.0.2-2.sarge1.0.7
Automatically imported from Debian bug report #329664 http://bugs.debian.org/329664