
Issue 24778: [CVE-2015-20107] mailcap.findmatch: document shell command Injection danger in filename parameter - Python tracker

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title> Issue 24778: [CVE-2015-20107] mailcap.findmatch: document shell command Injection danger in filename parameter - Python tracker </title> <link rel="shortcut icon" href="@@file/favicon.ico" /> <link rel="stylesheet" type="text/css" href="@@file/main.css" /> <link rel="stylesheet" type="text/css" href="@@file/style.css" /> <link rel="search" type="application/opensearchdescription+xml" href="@@file/osd.xml" title="Python bug tracker search" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <script nonce="d15d45ceb5038d5b2dcd0c35bc7c95011f3f441bc9b677ab06dba3fb0e163df3" type="text/javascript"> submitted = false; function submit_once() { if (submitted) { alert("Your request is being processed.\nPlease be patient."); return false; } submitted = true; return true; } function help_window(helpurl, width, height) { HelpWin = window.open('https://bugs.python.org/' + helpurl, 'RoundupHelpWindow', 'scrollbars=yes,resizable=yes,toolbar=no,height='+height+',width='+width); HelpWin.focus () } </script> <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js"></script> <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.js"></script> <script type="text/javascript" src="@@file/issue.item.js"></script> <link rel="stylesheet" type="text/css" href="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8/themes/smoothness/jquery-ui.css" /> </head> <body>
<div id="content-body"> <div id="body-main"> <div id="content"> <div id="migration-notice"> <div id="migration-images"> <img width="32" src="@@file/python-logo-small.png" /> ➜ <a href="https://github.com/python/cpython/issues"><img width="32" src="@@file/gh-icon.png" /></a> </div> <p>This issue tracker <b>has been migrated to <a href="https://github.com/python/cpython/issues">GitHub</a></b>, and is currently <b>read-only</b>.<br /> For more information, <a title="GitHub FAQs" href="https://devguide.python.org/gh-faq/"> see the GitHub FAQs in the Python's Developer Guide.</a></p> </div> <div> <form method="post" name="itemSynopsis" onsubmit="return submit_once()" enctype="multipart/form-data" action="issue24778"> <div id="gh-issue-link"> <a href="https://github.com/python/cpython/issues/68966"> <img width="32" src="@@file/gh-icon.png" /> <p> <span>This issue has been migrated to GitHub:</span> https://github.com/python/cpython/issues/68966 </p> </a> </div> <fieldset><legend>classification</legend> <table class="form"> <tr> <th class="required"><a href="http://docs.python.org/devguide/triaging.html#title" target="_blank">Title</a>:</th> <td colspan="3"> <span>[CVE-2015-20107] mailcap.findmatch: 
document shell command Injection danger in filename parameter</span> <input type="hidden" name="title" value="[CVE-2015-20107] mailcap.findmatch: document shell command Injection danger in filename parameter"> </td> </tr> <tr> <th class="required"><a href="http://docs.python.org/devguide/triaging.html#type" target="_blank">Type</a>:</th> <td>security</td> <th><a href="http://docs.python.org/devguide/triaging.html#stage" target="_blank">Stage</a>:</th> <td></td> </tr> <tr> <th><a href="http://docs.python.org/devguide/triaging.html#components" target="_blank">Components</a>:</th> <td>Documentation, Library (Lib)</td> <th><a href="http://docs.python.org/devguide/triaging.html#versions" target="_blank">Versions</a>:</th> <td>Python 3.11</td> </tr> </table> </fieldset> <fieldset><legend>process</legend> <table class="form"> <tr> <th><a href="http://docs.python.org/devguide/triaging.html#status" target="_blank">Status</a>:</th> <td>open</td> <th><a href="http://docs.python.org/devguide/triaging.html#resolution" target="_blank">Resolution</a>:</th> <td></td> </tr> <tr> <th> <a href="http://docs.python.org/devguide/triaging.html#dependencies" target="_blank">Dependencies</a>: </th> <td> </td> <th><a href="http://docs.python.org/devguide/triaging.html#superseder" target="_blank">Superseder</a>:</th> <td> </td> </tr> <tr> <th> <a href="http://docs.python.org/devguide/triaging.html#assigned-to" target="_blank">Assigned To</a>: </th> <td> docs@python </td> <th> <a href="http://docs.python.org/devguide/triaging.html#nosy-list" target="_blank">Nosy List</a><!-- <span tal:condition="context/nosy_count" tal:replace="python: ' (%d)' % context.nosy_count" /> -->: </th> <td> TheRegRunner, docs@python, r.david.murray, vstinner </td> </tr> <tr> <th> <a href="http://docs.python.org/devguide/triaging.html#priority" target="_blank">Priority</a>: </th> <td>normal</td> <th> <a href="http://docs.python.org/devguide/triaging.html#keywords" target="_blank">Keywords</a>: </th> <td></td> </tr> 
</table> </fieldset> </form> <p>Created on <strong>2015-08-02 08:25</strong> by <strong>TheRegRunner</strong>, last changed <strong>2022-04-19 08:02</strong> by <strong>vstinner</strong>.</p> <table class="files"> <tr><th colspan="5" class="header">Files</th></tr> <tr> <th>File name</th> <th>Uploaded</th> <th>Description</th> <th>Edit</th> </tr> <tr> <td> <a href="file40099/screenshot.png">screenshot.png</a> </td> <td> <span>TheRegRunner</span>, <span>2015-08-02 08:25</span> </td> <td></td> <td> </td> </tr> <tr> <td> <a href="file40116/The%20Quote%20Problem.py">The Quote Problem.py</a> </td> <td> <span>TheRegRunner</span>, <span>2015-08-03 19:27</span> </td> <td></td> <td> </td> </tr> <tr> <td> <a href="file40897/mailcap%20patch.zip">mailcap patch.zip</a> </td> <td> <span>TheRegRunner</span>, <span>2015-10-29 19:26</span> </td> <td>mailcap.py patches and diffs for python2.7 and python 3.5</td> <td> </td> </tr> </table> <table class="messages"> <tr><th colspan="4" class="header">Messages (15)</th></tr> <tr> <th> <a href="#msg247857" id="msg247857">msg247857</a> - <a href="msg247857">(view)</a></th> <th>Author: Bernd Dietzel (TheRegRunner)</th> <th>Date: 2015-08-02 08:25</th> </tr> <tr> <td colspan="4" class="content"> <pre>If the filename contains Shell Commands they will be executed if they are passed to os.system() as described in the docs.
Filename should be quoted with quote(filename) to fix the bug.

<a href="https://docs.python.org/2/library/mailcap.html">https://docs.python.org/2/library/mailcap.html</a>

"mailcap.findmatch(/caps/, /MIMEtype/[, /key/[, /filename/[, /plist/]]])
Return a 2-tuple; the first element is a string containing the command line to be executed (which can be passed to *os.system()*), ......"
Exploit demo which runs xterm but should not:
=============================
import mailcap
d=mailcap.getcaps()
commandline,MIMEtype=mailcap.findmatch(d, "text/*", filename="'$(xterm);#.txt")
## commandline = "less ''$(xterm);#.txt'"
import os
os.system(commandline)
## xterm starts
=============================

By the way ... please do not use os.system() in your code, makes it unsafe.

Best regards
Bernd Dietzel
Germany</pre> </td> </tr> <tr> <th> <a href="#msg247861" id="msg247861">msg247861</a> - <a href="msg247861">(view)</a></th> <th>Author: Bernd Dietzel (TheRegRunner)</th> <th>Date: 2015-08-02 10:16</th> </tr> <tr> <td colspan="4" class="content"> <pre>Maybe it would be a good idea to do so as run-mailcap does:

<a href="mailto:theregrunner@mint17">theregrunner@mint17</a> : ~ € run-mailcap --debug "';xterm;#'.txt"
 - parsing parameter "';xterm;#'.txt"
 - Reading mime.types file "/etc/mime.types"...
 - extension "txt" maps to mime-type "text/plain"
 - Reading mailcap file "/etc/mailcap"...
Processing file "';xterm;#'.txt" of type "text/plain" (encoding=none)...
 - checking mailcap entry "text/plain; less '%s'; needsterminal"
 - program to execute: less '%s'
 - filename contains shell meta-characters; aliased to '/tmp/fileV7f2MZ'
 - executing: less '/tmp/fileV7f2MZ'
<a href="mailto:theregrunner@mint17">theregrunner@mint17</a> : ~ €</pre> </td> </tr> <tr> <th> <a href="#msg247944" id="msg247944">msg247944</a> - <a href="msg247944">(view)</a></th> <th>Author: R. David Murray (r.david.murray) <span title="Contributor form received">*</span> <img src="@@file/committer.png" title="Python committer" alt="(Python committer)" /></th> <th>Date: 2015-08-03 18:44</th> </tr> <tr> <td colspan="4" class="content"> <pre>In this case os.system is an appropriate API, because it mirrors the API of mailcap itself (that is, mailcap entries are shell commands).

I'm not convinced there is a security bug here. 
It seems to me that there are two cases: either the filename is determined by the program, in which case there is no security issue, or the filename comes from an external source, and the program will have had to *write it to the file system* before the mailcap command will do anything. So the security hole, if any, will have happened earlier in the process.

Now, one can argue that the quoting should be done in order to preserve the meaning of an arbitrary filename. Which would allay your concern even if I disagree that it is a real security bug :)

(I don't understand why run-mailcap uses an alias rather than correctly quoting the meta-characters.)</pre> </td> </tr> <tr> <th> <a href="#msg247946" id="msg247946">msg247946</a> - <a href="msg247946">(view)</a></th> <th>Author: Bernd Dietzel (TheRegRunner)</th> <th>Date: 2015-08-03 19:27</th> </tr> <tr> <td colspan="4" class="content"> <pre>@David
Thanks for the comment :-)

I think if you read the Documentation <a href="https://docs.python.org/2/library/mailcap.html">https://docs.python.org/2/library/mailcap.html</a> this may lead new programmers, which may never have heard of Shell Injections before, step by step directly to write insecure web browsers and/or mail readers.

At least there should be a warning in the docs!

You ask why run-mailcap does not use quoting; I believe because quoting is not an easy thing to do. I attached a demo ;-)

Thank you.</pre> </td> </tr> <tr> <th> <a href="#msg247951" id="msg247951">msg247951</a> - <a href="msg247951">(view)</a></th> <th>Author: Bernd Dietzel (TheRegRunner)</th> <th>Date: 2015-08-03 20:31</th> </tr> <tr> <td colspan="4" class="content"> <pre>Exploit demo which works with quote():

&gt;&gt;&gt; commandline,MIMETYPE=mailcap.findmatch(d, 'text/*', filename=quote(';xterm;#.txt'))
&gt;&gt;&gt; commandline
"less '';xterm;#.txt''"
&gt;&gt;&gt; os.system(commandline)
### xterm starts</pre> </td> </tr> <tr> <th> <a href="#msg247979" id="msg247979">msg247979</a> - <a href="msg247979">(view)</a></th> <th>Author: R. David Murray (r.david.murray) <span title="Contributor form received">*</span> <img src="@@file/committer.png" title="Python committer" alt="(Python committer)" /></th> <th>Date: 2015-08-04 03:08</th> </tr> <tr> <td colspan="4" class="content"> <pre>Hmm. I see. The problem is that our desire to quote conflicts with mailcap's attempts to quote.

I now agree with you that run-mailcap's approach is correct, but creating a temporary alias is out of scope for findmatch. That would need to be done by findmatch's caller. I think we should add a documentation note about the problem and the solution.

I don't see any reliable way to detect the problem and raise an error for the same reason that quoting doesn't work. (The aliasing can tolerate false positives; but, for backward compatibility reasons, an error detection function here cannot.)

It would be possible to add a helper for the aliasing to 3.6, but if someone wants to propose that they should open a new issue for the enhancement.

I'm</pre> </td> </tr> <tr> <th> <a href="#msg247992" id="msg247992">msg247992</a> - <a href="msg247992">(view)</a></th> <th>Author: Bernd Dietzel (TheRegRunner)</th> <th>Date: 2015-08-04 18:42</th> </tr> <tr> <td colspan="4" class="content"> <pre>Yes, changing the docs is a good idea.

I was thinking about a patch:

import os
####### patch
import random
try:
    from shlex import quote
except ImportError:
    from pipes import quote
#######

....... and so on ....

# Part 3: using the database.

def findmatch(caps, MIMEtype, key='view', filename="/dev/null", plist=[]):
    """Find a match for a mailcap entry.

    Return a tuple containing the command line, and the mailcap entry
    used; (None, None) if no match is found.  This may invoke the
    'test' command of several matching entries before deciding which
    entry to use.

    """
    entries = lookup(caps, MIMEtype, key)
    # XXX This code should somehow check for the needsterminal flag.
    for e in entries:
        if 'test' in e:
            test = subst(e['test'], filename, plist)
            if test and os.system(test) != 0:
                continue
        ####### patch
        # Substitute a random placeholder for %s, then swap it (with or
        # without the entry's own single quotes) for quote(filename).
        ps=''.join(random.choice('python') for i in range(100))
        x=e[key]
        while '%s' in x:
            x=x.replace('%s',ps)
        command=subst(x, MIMEtype, filename, plist)
        while "'"+ps+"'" in command:
            command=command.replace("'"+ps+"'",quote(filename))
        while ps in command:
            command=command.replace(ps,quote(filename))
        ######
        # Original line dropped: it would overwrite the quoted command built above.
        # command = subst(e[key], MIMEtype, filename, plist)
        return command, e
    return None, None</pre> </td> </tr> <tr> <th> <a href="#msg248058" id="msg248058">msg248058</a> - <a href="msg248058">(view)</a></th> <th>Author: Bernd Dietzel (TheRegRunner)</th> <th>Date: 2015-08-05 18:58</th> </tr> <tr> <td colspan="4" class="content"> <pre># for the docs ... quoting of the filename when you call mailcap.findmatch()

f=";xterm;#.txt" # Shell Command Demo ... xterm will run if quote() fails

import mailcap
import random
try:
    from shlex import quote
except ImportError:
    from pipes import quote
d=mailcap.getcaps()
PY=''.join(random.choice('PYTHON') for i in range(100))
cmd,MIMEtype=mailcap.findmatch(d, 'text/plain', filename=PY)
while "'"+PY+"'" in cmd:
    cmd=cmd.replace("'"+PY+"'",quote(f))
while PY in cmd:
    cmd=cmd.replace(PY,quote(f))
print(cmd)
# less ';xterm;#.txt'</pre> </td> </tr> <tr> <th> <a href="#msg248061" id="msg248061">msg248061</a> - <a href="msg248061">(view)</a></th> <th>Author: R. David Murray (r.david.murray) <span title="Contributor form received">*</span> <img src="@@file/committer.png" title="Python committer" alt="(Python committer)" /></th> <th>Date: 2015-08-05 19:18</th> </tr> <tr> <td colspan="4" class="content"> <pre>I have no idea what your code samples are trying to accomplish, I'm afraid, but that's not the kind of documentation I'm advocating anyway.</pre> </td> </tr> <tr> <th> <a href="#msg248062" id="msg248062">msg248062</a> - <a href="msg248062">(view)</a></th> <th>Author: Bernd Dietzel (TheRegRunner)</th> <th>Date: 2015-08-05 19:32</th> </tr> <tr> <td colspan="4" class="content"> <pre>What I do in the last doc is like this:
1) Replace the filename with a random name
2) Run mailcap.findmatch() with the random name
3) If exists, replace the quote characters ' before and behind the random name with nothing.
4) Now the random name has no quoting from mailcap itself
5) So now we can use our own quote() safely</pre> </td> </tr> <tr> <th> <a href="#msg248070" id="msg248070">msg248070</a> - <a href="msg248070">(view)</a></th> <th>Author: R. 
David Murray (r.david.murray) <span title="Contributor form received">*</span> <img src="@@file/committer.png" title="Python committer" alt="(Python committer)" /></th> <th>Date: 2015-08-05 20:06</th> </tr> <tr> <td colspan="4" class="content"> <pre>Ah, that's a clever idea.</pre> </td> </tr> <tr> <th> <a href="#msg248074" id="msg248074">msg248074</a> - <a href="msg248074">(view)</a></th> <th>Author: Bernd Dietzel (TheRegRunner)</th> <th>Date: 2015-08-05 20:26</th> </tr> <tr> <td colspan="4" class="content"> <pre>Thanks :-)

As you may have noticed, I now chose to use a random name made of the chars of "PYTHON" in BIG letters instead of the small letters I used before. That's because I do not want to get in trouble with the little "t" in %t which is replaced by the subst function too.</pre> </td> </tr> <tr> <th> <a href="#msg253689" id="msg253689">msg253689</a> - <a href="msg253689">(view)</a></th> <th>Author: Bernd Dietzel (TheRegRunner)</th> <th>Date: 2015-10-29 19:26</th> </tr> <tr> <td colspan="4" class="content"> <pre>My patch for mailcap.py. Please check and apply my patch please.

1) I have removed the os.system() calls for security reasons.
2) New "findmatch_list()" function which returns the commandline as a [list] which can be passed to subprocess instead of passing it to os.system().
3) New run() function to execute the cmd_list with subprocess.
4) The test() function now uses findmatch_list() and run() instead of the old findmatch() and os.system() calls.
5) The subst() function is now shorter and does a quote(filename) when it's replacing %s with a filename.
6) The "old" findmatch() function is still there if the user still likes to have the commandline as a "string". Attention! With this old findmatch() function it's still possible that a shell command in the filename like '$(ls).txt' will be executed when the user passes the string to os.system() outside the mailcap script. Use findmatch() only for backwards compatibility.
7) Use the new findmatch_list() and run() for future projects.
8) Add 1)-7) to the docs

Thank you.</pre> </td> </tr> <tr> <th> <a href="#msg416878" id="msg416878">msg416878</a> - <a href="msg416878">(view)</a></th> <th>Author: STINNER Victor (vstinner) <span title="Contributor form received">*</span> <img src="@@file/committer.png" title="Python committer" alt="(Python committer)" /></th> <th>Date: 2022-04-06 15:30</th> </tr> <tr> <td colspan="4" class="content"> <pre>In 2022, Python 3.11 still has the issue:
----------------
<a href="mailto:vstinner@apu">vstinner@apu</a>$ python3.11 -m mailcap
Mailcap files:
    /home/vstinner/.mailcap
    /etc/mailcap
(...)
Mailcap entries:
(...)
text/html
  copiousoutput
  lineno          5
  view            /usr/bin/xdg-open %s

$ python3 -m mailcap text/html 'filename; pwd'
Executing: /usr/bin/xdg-open filename; pwd
(...)
/home/vstinner/python/main
----------------

Maybe subst() can be modified to work on a list (as Bernd Dietzel proposed) and then use subprocess to avoid shell and so avoid having to pass a single string, but pass a *list* of arguments (strings).

The problem is that it would change the public mailcap.findmatch() API: "Return a 2-tuple; the first element is a string containing the command line to be executed (which can be passed to os.system()), (...)"
<a href="https://docs.python.org/dev/library/mailcap.html#mailcap.findmatch">https://docs.python.org/dev/library/mailcap.html#mailcap.findmatch</a>

Adding a new findmatch_list() function avoids the backward compatibility issue, but the existing findmatch() function would remain vulnerable.

The other problem is that the mailcap.findmatch() function supports "test" command which executes os.system() on string created by mailcap.subst().

Is the mailcap format (RFC 1524) still used in 2022? Does the mailcap module still belong to the Python stdlib in 2022?

I propose to:

* (1) Document the shell injection vulnerability: the caller is responsible to validate the filename
* (2) Deprecate the mailcap module

A code search in the top 5000 PyPI projects (at 2022-01-26) did not find any Python source code using the "mailcap" module. I only found the word "mailcap" used to refer to other things:

* <a href="https://docs.djangoproject.com/en/4.0/ref/contrib/staticfiles/">https://docs.djangoproject.com/en/4.0/ref/contrib/staticfiles/</a> mentions a "mailcap" RHEL package: "This can be achieved, for example, by installing or updating the mailcap package on a Red Hat distribution, mime-support on a Debian distribution, or by editing the keys under HKEY_CLASSES_ROOT in the Windows registry."

* wxPython refers to "KDE&lt; mailcap and mime.types" <a href="https://docs.djangoproject.com/en/4.0/ref/contrib/staticfiles/">https://docs.djangoproject.com/en/4.0/ref/contrib/staticfiles/</a></pre> </td> </tr> <tr> <th> <a href="#msg417000" id="msg417000">msg417000</a> - <a href="msg417000">(view)</a></th> <th>Author: STINNER Victor (vstinner) <span title="Contributor form received">*</span> <img src="@@file/committer.png" title="Python committer" alt="(Python committer)" /></th> <th>Date: 2022-04-19 08:02</th> </tr> <tr> <td colspan="4" class="content"> <pre>CVE-2015-20107 has been assigned to this issue.</pre> </td> </tr> </table> <table class="history table table-condensed table-striped"><tr><th colspan="4" class="header"> History </th></tr><tr> <th>Date</th> <th>User</th> <th>Action</th> <th>Args</th> </tr> <tr><td>2022-04-19&nbsp;08:02:39</td><td>vstinner</td><td>set</td><td>messages: + <a rel="nofollow" href="msg417000">msg417000</a><br />title: mailcap.findmatch: document shell command Injection danger in filename parameter -> [CVE-2015-20107] mailcap.findmatch: document shell command Injection danger in filename parameter</td></tr> <tr><td>2022-04-11&nbsp;14:58:19</td><td>admin</td><td>set</td><td>github: 68966</td></tr> 
<tr><td>2022-04-06&nbsp;15:30:37</td><td>vstinner</td><td>set</td><td>nosy: + <a rel="nofollow" href="user2377">vstinner</a><br /><br />messages: + <a rel="nofollow" href="msg416878">msg416878</a><br />versions: + Python 3.11, - Python 2.7, Python 3.5, Python 3.6, Python 3.7</td></tr> <tr><td>2016-09-24&nbsp;19:22:58</td><td>christian.heimes</td><td>set</td><td>versions: + Python 3.7, - Python 3.4</td></tr> <tr><td>2015-10-29&nbsp;19:26:37</td><td>TheRegRunner</td><td>set</td><td>files: + <a rel="nofollow" href="file40897">mailcap patch.zip</a><br /><br />messages: + <a rel="nofollow" href="msg253689">msg253689</a></td></tr> <tr><td>2015-08-05&nbsp;20:26:43</td><td>TheRegRunner</td><td>set</td><td>messages: + <a rel="nofollow" href="msg248074">msg248074</a></td></tr> <tr><td>2015-08-05&nbsp;20:06:33</td><td>r.david.murray</td><td>set</td><td>messages: + <a rel="nofollow" href="msg248070">msg248070</a></td></tr> <tr><td>2015-08-05&nbsp;19:32:42</td><td>TheRegRunner</td><td>set</td><td>messages: + <a rel="nofollow" href="msg248062">msg248062</a></td></tr> <tr><td>2015-08-05&nbsp;19:18:59</td><td>r.david.murray</td><td>set</td><td>messages: + <a rel="nofollow" href="msg248061">msg248061</a><br />title: mailcap.findmatch() ........ 
Shell Command Injection in filename -> mailcap.findmatch: document shell command Injection danger in filename parameter</td></tr> <tr><td>2015-08-05&nbsp;18:58:52</td><td>TheRegRunner</td><td>set</td><td>messages: + <a rel="nofollow" href="msg248058">msg248058</a></td></tr> <tr><td>2015-08-04&nbsp;18:42:11</td><td>TheRegRunner</td><td>set</td><td>messages: + <a rel="nofollow" href="msg247992">msg247992</a></td></tr> <tr><td>2015-08-04&nbsp;03:08:56</td><td>r.david.murray</td><td>set</td><td>nosy: + <a rel="nofollow" href="user12260">docs@python</a><br />messages: + <a rel="nofollow" href="msg247979">msg247979</a><br /><br />assignee: <a rel="nofollow" href="user12260">docs@python</a><br />components: + Documentation</td></tr> <tr><td>2015-08-03&nbsp;20:31:07</td><td>TheRegRunner</td><td>set</td><td>messages: + <a rel="nofollow" href="msg247951">msg247951</a></td></tr> <tr><td>2015-08-03&nbsp;19:27:35</td><td>TheRegRunner</td><td>set</td><td>files: + <a rel="nofollow" href="file40116">The Quote Problem.py</a><br /><br />messages: + <a rel="nofollow" href="msg247946">msg247946</a></td></tr> <tr><td>2015-08-03&nbsp;18:44:10</td><td>r.david.murray</td><td>set</td><td>nosy: + <a rel="nofollow" href="user9663">r.david.murray</a><br /><br />messages: + <a rel="nofollow" href="msg247944">msg247944</a><br />versions: + Python 3.4, Python 3.5, Python 3.6</td></tr> <tr><td>2015-08-02&nbsp;10:16:11</td><td>TheRegRunner</td><td>set</td><td>messages: + <a rel="nofollow" href="msg247861">msg247861</a></td></tr> <tr><td>2015-08-02&nbsp;08:25:07</td><td>TheRegRunner</td><td>create</td><td></td></tr> </table> </div> </div> <!-- content-body --> <div id="footer"> <div id="credits"> Supported by <a href="https://python.org/psf-landing/" title="The Python Software Foundation">The Python Software Foundation</a>, <br> Powered by <a href="http://roundup.sourceforge.net" title="Powered by the Roundup Issue Tracker">Roundup</a> </div> <!-- credits --> Copyright &copy; 1990-2022, <a 
href="http://python.org/psf">Python Software Foundation</a><br /> <a href="http://python.org/about/legal">Legal Statements</a> </div> <!-- footer --> </div> <!-- body-main --> </div> <!-- content --> </body> </html>
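
The thread above concludes that quote() cannot be relied on because the mailcap entry may already wrap %s in quotes, and that run-mailcap's aliasing of the file to a harmless name is the approach a caller of findmatch() should take. The following Python code is an added example of that caller-side aliasing, not code from the tracker thread or from CPython; the `SAFE_NAME` allow-list and the helper names `quoted_subst`, `alias_if_unsafe`, `build_command` and `cleanup` are assumptions of this example, and only `%s` is handled.

```python
import os
import re
import shlex
import shutil
import tempfile

# Names matching this allow-list mean the same thing to a POSIX shell whether
# the mailcap entry writes %s bare, in '...' or in "...". The character set
# is an assumption of this example, not run-mailcap's exact rule.
SAFE_NAME = re.compile(r"[A-Za-z0-9_./][A-Za-z0-9_./+-]*\Z")


def quoted_subst(template, filename):
    """The fix first proposed in the thread: quote() the name, then substitute.

    When the entry already reads '%s', the entry's quotes and quote()'s quotes
    pair up as two empty strings and the name ends up outside any quoting.
    """
    return template.replace("%s", shlex.quote(filename))


def alias_if_unsafe(filename):
    """Return (name_for_shell, alias_dir); alias_dir is None if no alias was made."""
    if SAFE_NAME.match(filename):
        return filename, None
    alias_dir = tempfile.mkdtemp(prefix="mailcap")
    # Keep a plain extension so viewers that inspect it still work.
    ext = os.path.splitext(filename)[1]
    if not re.fullmatch(r"\.[A-Za-z0-9]{1,8}", ext):
        ext = ""
    alias = os.path.join(alias_dir, "file" + ext)
    if not SAFE_NAME.match(alias):  # e.g. TMPDIR itself contains a space
        os.rmdir(alias_dir)
        raise ValueError("temporary directory path is not shell-safe")
    os.symlink(os.path.abspath(filename), alias)
    return alias, alias_dir


def build_command(template, filename):
    """Substitute %s in a trusted mailcap entry with a shell-safe name.

    Returns (command_line, alias_dir). The caller runs the command line and
    then calls cleanup(alias_dir). Only %s is handled; %t and parameter
    fields are out of scope for this example.
    """
    name, alias_dir = alias_if_unsafe(filename)
    return template.replace("%s", name), alias_dir


def cleanup(alias_dir):
    """Remove the alias directory (the symlink only, never its target)."""
    if alias_dir is not None:
        shutil.rmtree(alias_dir)


if __name__ == "__main__":
    workdir = tempfile.mkdtemp()
    # Constructed sample file, named as in the thread's quote() demo.
    hostile = os.path.join(workdir, ";xterm;#.txt")
    with open(hostile, "w") as fh:
        fh.write("hello\n")
    print("quote() into a quoted entry:", quoted_subst("less '%s'", ";xterm;#.txt"))
    for entry in ("less '%s'", "/usr/bin/xdg-open %s"):
        command, alias_dir = build_command(entry, hostile)
        print("aliased:", command)  # printed only, nothing is executed
        cleanup(alias_dir)
    shutil.rmtree(workdir)
```

Because the alias contains only allow-listed characters, the same substitution is correct for entries that quote %s and for entries that do not.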
