Bug#763338: /usr/bin/vorbistagedit: Doesn't escape filenames properly
Matthew Gabeler-Lee
cheetah at fastcat.org
Mon Sep 29 12:57:46 UTC 2014
Package: vorbis-tools
Version: 1.4.0-1.1
Severity: normal
File: /usr/bin/vorbistagedit
If vorbistagedit is invoked with a filename containing whitespace or dashes,
it does not process these correctly.
For example, if invoked with a filename containing " -T", it emits:
vorbistagedit: invalid option -- 'T'
And then the usage information and then exits. I think this is caused by
the following line in the script:
for opt in $(getopt -n $ME -l version,help -o Vh? -- $@); do
Here $@ should be "$@" so that it doesn't undergo word splitting, I think.
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.14-2-amd64 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages vorbis-tools depends on:
ii libao4 1.1.0-3
ii libc6 2.19-11
ii libcurl3-gnutls 7.38.0-1
ii libflac8 1.3.0-2
ii libogg0 1.3.2-1
ii libspeex1 1.2~rc1.2-1
ii libvorbis0a 1.3.2-1.4
ii libvorbisenc2 1.3.2-1.4
ii libvorbisfile3 1.3.2-1.4
vorbis-tools recommends no packages.
vorbis-tools suggests no packages.
-- no debconf information
More information about the pkg-xiph-maint
mailing list