mime-support (3.58) unstable; urgency=high
* CVE-2014-7209: run-mailcap shell command injection.
Thanks to Timothy D. Morgan for the report.
d156797 Escape file name also when not passed through %s. This
avoids command injections using for instance semicolons.
b585022 Resolve file name to an absolute path to avoid injection of
command arguments with file names starting with dashes etc.
Use File::Spec to avoid race conditions with temporary files.
Thanks, Salvatore Bonaccorso for the patch.
-- Charles Plessy <plessy@debian.org> Sun, 28 Dec 2014 14:45:59 +0900