id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	blockedby	blocking	branch_state	votes
2913	CVE-2012-4463 mc-4.8.5: Does not sanitize MC_EXT_SELECTED variable properly	iankko	slavazanko	"Paul Hartman reported the following (minor) security flaw
into Gentoo's bugzilla:
  https://bugs.gentoo.org/show_bug.cgi?id=436518

When multiple files are selected and F3 / Enter key is pressed on some of the files, MC_EXT_SELECTED variable does not sanitize the whitespace characters properly (leading into situation when first file is used as the actual value of MC_EXT_SELECTED variable and the remaining files from the list are used as arguments passed to the temporary script, created to handle F3 / Enter action on the first file).

A remote attacker could provide a specially-crafted archive and trick the local Midnight Commander user into expanding and viewing it, which under certain circumstances could lead to arbitrary code execution with the privileges of the user running the mc executable.
"	defect	closed	minor	4.8.7	mc-core	4.8.5	fixed	Security, CVE-2012-4463	onlyjob@… jnovy@… milan.cermak@…			merged	committed-master