RE: [Linux] glibc 2.1.x / wu-

From: Tom Bosscher (Tom.Bosscher@VICKERS-SYSTEMS.COM)
Date: Thu Sep 09 1999 - 07:40:57 PDT

  • Next message: has last: "9/9/99 and WiN95 Problems" 

    unsubscribe

-----Original Message-----
From: BUGTRAQ(a)SECURITYFOCUS.COM [mailto:BUGTRAQ(a)SECURITYFOCUS.COM]
Sent: Sunday, September 05, 1999 2:48 PM
To: BUGTRAQ(a)SECURITYFOCUS.COM
Subject: Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx /
vlock / mc / glibc 2.0.x


On Mon, 30 Aug 1999, Norbert Warmuth wrote:
> Michal Zalewski writes:
> > Also, mc seems to have serious problems with directories containing
shell
> > commands enclosed in $(...) construction. Bad.
> What are you talking about? Please send details to
mc-bugsat_private

I haven't got any response from Michal and hasn't been able to
reproduce any problems with directories containing "$(...)" either.

Wojtek Pilorz reminded of the bash 1.14 vulnerability when PS1 contains
\w or \W. As MC doesn't touch PS1 blaming MC for this is more than
far-fetched.

Pavel Machek got the message 'Warning: Couldn't change to /tmp/$( ...
)'
because he triggered a MC bug which was fixed in March 1999 (release
4.5.27).

Last not least there was an issue with uncompressing files which was
fixed in 4.5.38.

The Midnight Commander bug's mentioned above are fixed in the latest
release which doesn't contain known security vulnerabilities. You can
get it from
     ftp://ftp.gnome.org/pub/GNOME/sources/mc

Please report bugs to mc-bugsat_private, thanks.

Kind regards,
Norbert

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:02:47 PDT