Bug#763338: /usr/bin/vorbistagedit: Doesn't escape filenames properly

Matthew Gabeler-Lee cheetah at fastcat.org
Mon Sep 29 12:57:46 UTC 2014

Package: vorbis-tools
Version: 1.4.0-1.1
Severity: normal
File: /usr/bin/vorbistagedit

If vorbistagedit is invoked with a filename containing whitespace or dashes,
it does not process these correctly.

For example, if invoked with a filename containing " -T", it emits:

vorbistagedit: invalid option -- 'T'

And then the usage information and then exits.  I think this is caused by
the following line in the script:

for opt in $(getopt -n $ME -l version,help -o Vh? -- $@); do

Here $@ should be "$@" so that it doesn't undergo word splitting, I think.

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-2-amd64 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vorbis-tools depends on:
ii  libao4           1.1.0-3
ii  libc6            2.19-11
ii  libcurl3-gnutls  7.38.0-1
ii  libflac8         1.3.0-2
ii  libogg0          1.3.2-1
ii  libspeex1        1.2~rc1.2-1
ii  libvorbis0a      1.3.2-1.4
ii  libvorbisenc2    1.3.2-1.4
ii  libvorbisfile3   1.3.2-1.4

vorbis-tools recommends no packages.

vorbis-tools suggests no packages.

-- no debconf information

More information about the pkg-xiph-maint mailing list