[11747] in bugtraq
Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock
daemon@ATHENA.MIT.EDU (Norbert Warmuth)
Wed Sep 8 15:09:53 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <14291.25293.539716.586423@floh.privat.circular.de>
Date: Mon, 6 Sep 1999 08:47:21 +0200
Reply-To: Norbert Warmuth <nwarmuth@PRIVAT.CIRCULAR.DE>
From: Norbert Warmuth <nwarmuth@PRIVAT.CIRCULAR.DE>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <14282.6738.523996.809083@floh.privat.circular.de>
On Mon, 30 Aug 1999, Norbert Warmuth wrote:
> Michal Zalewski writes:
> > Also, mc seems to have serious problems with directories containing shell
> > commands enclosed in $(...) construction. Bad.
> What are you talking about? Please send details to mc-bugs@nuclecu.unam.mx.
I haven't got any response from Michal and hasn't been able to
reproduce any problems with directories containing "$(...)" either.
Wojtek Pilorz reminded of the bash 1.14 vulnerability when PS1 contains
\w or \W. As MC doesn't touch PS1 blaming MC for this is more than
far-fetched.
Pavel Machek got the message 'Warning: Couldn't change to /tmp/$( ... )'
because he triggered a MC bug which was fixed in March 1999 (release
4.5.27).
Last not least there was an issue with uncompressing files which was
fixed in 4.5.38.
The Midnight Commander bug's mentioned above are fixed in the latest
release which doesn't contain known security vulnerabilities. You can
get it from
ftp://ftp.gnome.org/pub/GNOME/sources/mc
Please report bugs to mc-bugs@nuclecu.unam.mx, thanks.
Kind regards,
Norbert
