
Bug#982953: marked as done (openshot-qt has mailcap entries with quoted %-escapes)



Your message dated Wed, 11 Oct 2023 16:20:02 +0000
with message-id <E1qqbwI-00GdmP-F4@fasolo.debian.org>
and subject line Bug#982953: fixed in openshot-qt 3.1.1+dfsg1-1
has caused the Debian Bug report #982953,
regarding openshot-qt has mailcap entries with quoted %-escapes
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
982953: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982953
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: openshot-qt
Version: 2.5.1+dfsg1-1
Tags: security

Dear Maintainer,
the openshot-qt package has mailcap entries with quoted %-escapes. That is considered unsafe. Proper escaping should be left to the programs using the entry.

This Lintian tag is triggered:
https://lintian.debian.org/tags/quoted-placeholder-in-mailcap-entry.html

See also grave bug #930908, which was recently closed because "a Lintian test already exists":
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930908

I'm using the "security" tag because the affected rules in combination with certain mail user agents (or document openers) are the cause of a shell command injection vulnerability.

/usr/lib/mime/packages/openshot-qt should be changed from:

 application/vnd.openshot-qt-project; /usr/bin/openshot-qt '%s'; test=test -n "$DISPLAY"; priority=5

to:

 application/vnd.openshot-qt-project; /usr/bin/openshot-qt %s; test=test -n "$DISPLAY"; priority=5

If you need more information let me know.

Thanks,
MNZ

--- End Message ---
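
The check the report asks for, as an added example (not code from the report, from Lintian or from the openshot-qt package): it flags %-escapes that sit inside quotes in a mailcap entry, and shows why they are unsafe when the calling program already shell-quotes the file name it substitutes. The function names and the sample file name are hypothetical; the two entries are the ones quoted in the report.

```python
import re
import shlex

# Constructed sample input: the two entries quoted in the bug report.
BEFORE = ("application/vnd.openshot-qt-project; /usr/bin/openshot-qt '%s'; "
          'test=test -n "$DISPLAY"; priority=5')
AFTER = ("application/vnd.openshot-qt-project; /usr/bin/openshot-qt %s; "
         'test=test -n "$DISPLAY"; priority=5')


def split_fields(entry):
    """Split a mailcap line on ';' that is not backslash-escaped."""
    return [f.strip() for f in re.split(r"(?<!\\);", entry)]


def quoted_placeholders(entry):
    """Return (field, placeholder, quote_char) for each %-escape inside quotes."""
    findings = []
    for field in split_fields(entry)[1:]:      # skip the content type
        quote = None                           # currently open quote, if any
        i = 0
        while i < len(field):
            ch = field[i]
            if ch == "\\":                     # mailcap escape: skip next char
                i += 2
                continue
            if ch in "'\"":
                if quote is None:
                    quote = ch
                elif quote == ch:
                    quote = None
            elif ch == "%" and quote:
                m = re.match(r"%(s|t|\{[^}]*\})", field[i:])
                if m:
                    findings.append((field, m.group(0), quote))
            i += 1
    return findings


def argv_after_expansion(entry, filename):
    """Expand %s as a careful caller does (shell-quoting the name itself) and
    return the argv a POSIX shell would build; nothing is executed."""
    command = split_fields(entry)[1]
    return shlex.split(command.replace("%s", shlex.quote(filename)))
```

With the quoted entry, the caller's quotes and the entry's quotes cancel each other, so a file name containing a space reaches the shell unquoted and is split into two arguments; with the unquoted entry it stays a single argument.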
--- Begin Message ---
Source: openshot-qt
Source-Version: 3.1.1+dfsg1-1
Done: Dr. Tobias Quathamer <toddy@debian.org>

We believe that the bug you reported is fixed in the latest version of
openshot-qt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 982953@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dr. Tobias Quathamer <toddy@debian.org> (supplier of updated openshot-qt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 11 Oct 2023 17:47:52 +0200
Source: openshot-qt
Architecture: source
Version: 3.1.1+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Dr. Tobias Quathamer <toddy@debian.org>
Closes: 982953 985332 1035425
Changes:
 openshot-qt (3.1.1+dfsg1-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version 3.1.1+dfsg1 (Closes: #1035425)
     - Refresh patches and drop those applied upstream
     - Build-Depend on python3-openshot (>= 0.3.2)
     - Do not call chmod in d/rules for removed file
     - Remove possible privacy breach in documentation
   * Update Standards-Version to 4.6.2, no changes needed
   * Update d/copyright
   * Do not use quoted %-escapes in mailcap entries. (Closes: #982953)
   * Move blender and inkscape from Recommends to Suggests. (Closes: #985332)

--- End Message ---
