[ubuntu/vivid-proposed] mime-support 3.58ubuntu1 (Accepted)

[Marc Deslauriers]

mime-support (3.58ubuntu1) vivid; urgency=medium

  * Resynchronise with Debian.  Remaining changes:
    - Add "cautious-launcher" for handling execution of files that are
      outside /usr and /opt.

mime-support (3.58) unstable; urgency=high

  * CVE-2014-7209: run-mailcap shell command injection.
    Thanks to Timothy D. Morgan for the report.

  d156797 Escape file name also when not passed through %s.  This
          avoids command injections using for instance semicolons.
  b585022 Resolve file name to an absolute path to avoid injection of
          command arguments with file names starting with dashes etc.
          Use File::Spec to avoid race conditions with temporary files.
          Thanks, Salvatore Bonaccorso for the patch.

Date: Tue, 06 Jan 2015 13:59:50 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/mime-support/3.58ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 06 Jan 2015 13:59:50 -0500
Source: mime-support
Binary: mime-support
Architecture: source
Version: 3.58ubuntu1
Distribution: vivid
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 mime-support - MIME files 'mime.types' & 'mailcap', and support programs
Changes:
 mime-support (3.58ubuntu1) vivid; urgency=medium
 .
   * Resynchronise with Debian.  Remaining changes:
     - Add "cautious-launcher" for handling execution of files that are
       outside /usr and /opt.
 .
 mime-support (3.58) unstable; urgency=high
 .
   * CVE-2014-7209: run-mailcap shell command injection.
     Thanks to Timothy D. Morgan for the report.
 .
   d156797 Escape file name also when not passed through %s.  This
           avoids command injections using for instance semicolons.
   b585022 Resolve file name to an absolute path to avoid injection of
           command arguments with file names starting with dashes etc.
           Use File::Spec to avoid race conditions with temporary files.
           Thanks, Salvatore Bonaccorso for the patch.
Checksums-Sha1:
 a8576acd0deb961743c482327392463823d7238e 1711 mime-support_3.58ubuntu1.dsc
 85a9a50284e753955d9518bf366143f11529b21d 36932 mime-support_3.58ubuntu1.tar.gz
Checksums-Sha256:
 5a2000fa360170256eb02c12707b3c6f02414983d164bceef4797de25d210bd0 1711 mime-support_3.58ubuntu1.dsc
 359014c892432870e43b153287391d1212efd7b8ed8571508a65b6aa0488a17d 36932 mime-support_3.58ubuntu1.tar.gz
Files:
 a4341aa85cac8ead748f1fe98870eb88 1711 net standard mime-support_3.58ubuntu1.dsc
 2993d8d7a8eb528eef4ef079edc872cd 36932 net standard mime-support_3.58ubuntu1.tar.gz
Original-Maintainer: Mime-Support Maintainers <mime-support at plessy.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUrDF6AAoJEGVp2FWnRL6TOfcP/1TngsDJ1RgJNrqs9xtfwbLa
8sahFBvO9q+DLzEEX2HdZrHe4Peyx+pF3i8GKt57vSh/3LfMI4WbSSy77rE3f9Zb
o3PouwRNAHOhBVKsV5Y/lbHPAjLha1lqq6CQXzo7R3KfXz6A9VuTLVMw4Va/XKsx
eMgjer3ewho7jEZgYyPlWqT3NrDglDe/ahqXqoXJMVpF03ekXGyE8Py5DDF7IxnS
OZYiqeCKJnP2tnbtD8dZDyvokoNzzyCHR6iqTasGZSpMmvOJay1IQAPOPbhyiQG0
eTAxyKUJpluDSoYRVb1gBGpKMHtXDMNS0lcLTz2oXQw5h6Rupt3cAZM8v//9qsAU
6/Ck7MbXxXybFpwKDcY1HrM1WQlfj7aSqZm9UCzKnk8f8KYNW4Z/rRLDRf4k3R+k
bFKWxEsSy6pAk4hYhds+z5lCkfZZLq6+QYdsPsYoPJKU9KnmdPVB8O3hf5XDgY/X
hXw9AySlX4Gpg4RbmB0FaU05+ngkhXfIVK3uhVk9RSebzflSHR+V9F7xiyOu1eBv
qZSmWkgxWbsF6CSx5nrDD8YQpnK2n6Vz2KHBpq1kVPEhy+jsXRKNzOWvtUHVw5CH
kUPMdUmguM0BOTD+cQhYK2fkYAC9Cn1n0cR5i6TH+nobS+5LIuY5VlTIdnbLVZPO
1FwEHzrG8cmdj3Ok08/m
=wX9A
-----END PGP SIGNATURE-----