diff -Nru efingerd-1.6.4/CHANGES efingerd-1.6.5/CHANGES
--- efingerd-1.6.4/CHANGES	2013-06-30 14:35:16.000000000 +0000
+++ efingerd-1.6.5/CHANGES	2013-10-15 07:48:59.000000000 +0000
@@ -1,3 +1,13 @@
+efingerd (1.6.5) unstable; urgency=low
+
+  * Sanitize DNS response, ident response and username before passing them
+    to user-defined executables (closes: #724063). While the default scripts
+    are probably immune, this does not mean users' ones will be immune as
+    well.
+  * add Japanese debconf translation (closes: #718525)
+
+ -- Radovan Garabík <garabik@kassiopeia.juls.savba.sk>  Tue, 15 Oct 2013 10:25:13 +0200
+
 efingerd (1.6.4) unstable; urgency=low
 
   * fix -t missing number parsing (thanks to the Mayhem project)
diff -Nru efingerd-1.6.4/child.c efingerd-1.6.5/child.c
--- efingerd-1.6.4/child.c	2013-06-30 14:35:08.000000000 +0000
+++ efingerd-1.6.5/child.c	2013-10-06 17:45:08.000000000 +0000
@@ -26,6 +26,34 @@
 static int s_in = -1, s_out = -1;
 
 /* ------------------------------------------------------------------
+ * sanitize_char:
+ *      helper function, returns only characters from isalnum+".:-"
+ *      the rest is replaced with underscore
+ *      note that is it better not to use isalnum() since it
+ *          is locale-sensitive
+ *
+ *      to satinize DNS records
+ * ------------------------------------------------------------------
+*/
+
+unsigned char sanitize_char(unsigned char c)
+{
+    unsigned short int i;
+    unsigned char r = '_';
+    i = (unsigned short int) c;
+    /* since we want to be 8-bit clean, we do not sanitize chars over 128,
+     * this would be OK for DNS, but not for ident response
+     */
+    if (i=='\0') /* so that we do not accidentally delete the end of string marker */
+        return c;
+    if (i>=32) {
+        if ( ('A'<=i && i<='Z') || ('a'<=i && i<='z') || ('0'<=i && i<='9') || (i=='.') || (i==':') || (i=='-') || (i>=128) )
+            r = c;
+    }
+    return r;
+}
+
+/* ------------------------------------------------------------------
  * lookup_addr:
  *      if resolve_addr, try to reverse resolve the address.
  *              else return the numerical ip.
@@ -33,8 +61,9 @@
  */
 static char *lookup_addr(struct in_addr in)
 {
-    static char addr[100];
+    static char addr[256];
     struct hostent *he;
+    unsigned short int i;
 
     if (resolve_addr) {
 	he = gethostbyaddr((char *) &in, sizeof(struct in_addr), AF_INET);
@@ -46,6 +75,11 @@
 	strncpy(addr, inet_ntoa(in), sizeof(addr));
 
     addr[sizeof(addr)-1] = '\0';
+    for (i=0; i<sizeof(addr); i++) {
+        if (addr[i]=='\0')
+            break;
+        addr[i] = sanitize_char(addr[i]);
+    }
     return addr;
 }
 
@@ -148,6 +182,7 @@
     char buffer[MAX_SOCK_LENGTH];
     int sinsize = sizeof(struct sockaddr_in);
     int reqstat;
+    unsigned int i;
     char *identity = NULL;
     char *remote_address;
     char *nullident = "(null)";
@@ -170,10 +205,27 @@
     laddr = sin.sin_addr;
 
     reqstat = get_request(sd_in, buffer, MAX_SOCK_LENGTH);
+    buffer[sizeof(buffer)-1] = '\0';
+    for (i=0; i<sizeof(buffer); i++) {
+        if (buffer[i]=='\0')
+            break;
+        buffer[i] = sanitize_char(buffer[i]);
+    }
+
+
     if (use_ident)
         identity = ident_id(sd_in, IDENT_TIME);
     if (identity == NULL)
         identity = nullident;
+    else {
+        for (i=0; ; i++) {
+            if (identity[i]=='\0')
+                break;
+            identity[i] = sanitize_char(identity[i]);
+        }
+    }
+
+    /* remote_address is already sanitized in lookup_addr */
     remote_address = lookup_addr(raddr);
     do_finger(buffer, identity, remote_address, sd_out);
 
diff -Nru efingerd-1.6.4/debian/changelog efingerd-1.6.5/debian/changelog
--- efingerd-1.6.4/debian/changelog	2013-06-30 14:35:16.000000000 +0000
+++ efingerd-1.6.5/debian/changelog	2013-10-15 07:48:59.000000000 +0000
@@ -1,3 +1,13 @@
+efingerd (1.6.5) unstable; urgency=low
+
+  * Sanitize DNS response, ident response and username before passing them
+    to user-defined executables (closes: #724063). While the default scripts
+    are probably immune, this does not mean users' ones will be immune as
+    well.
+  * add Japanese debconf translation (closes: #718525)
+
+ -- Radovan Garabík <garabik@kassiopeia.juls.savba.sk>  Tue, 15 Oct 2013 10:25:13 +0200
+
 efingerd (1.6.4) unstable; urgency=low
 
   * fix -t missing number parsing (thanks to the Mayhem project)
diff -Nru efingerd-1.6.4/debian/po/ja.po efingerd-1.6.5/debian/po/ja.po
--- efingerd-1.6.4/debian/po/ja.po	1970-01-01 00:00:00.000000000 +0000
+++ efingerd-1.6.5/debian/po/ja.po	2013-10-15 07:48:39.000000000 +0000
@@ -0,0 +1,116 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the efingerd package.
+# victory <victory.deb@gmail.com>, 2013.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: efingerd\n"
+"Report-Msgid-Bugs-To: efingerd@packages.debian.org\n"
+"POT-Creation-Date: 2010-01-01 21:30+0100\n"
+"PO-Revision-Date: 2013-07-01 23:28+0900\n"
+"Last-Translator: victory <victory.deb@gmail.com>\n"
+"Language-Team: Japanese <debian-japanese@lists.debian.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: ja\n"
+
+#. Type: boolean
+#. Description
+#: ../templates:1001
+msgid "Permit users to have their own configurable finger replies?"
+msgstr "ユーザに自分の finger 応答の設定を許可しますか?"
+
+#. Type: boolean
+#. Description
+#: ../templates:1001
+msgid "You can decide if efingerd honours users' ~/.efingerd files."
+msgstr "efingerd がユーザの ~/.efingerd ファイルに従うかどうか決定できます。"
+
+# finger - user information lookup program
+#. Type: boolean
+#. Description
+#: ../templates:1001
+msgid ""
+"If someone from network fingers given user, and the user has ~/.efingerd "
+"file readable and executable for efingerd daemon, this file will be executed "
+"and its output will be sent to the fingerer."
+msgstr ""
+"あるユーザを指定してネットワークから誰かが finger を送り、そのユーザの ~/."
+"efingerd ファイルが efingerd デーモンから読み取り、実行可能な場合、このファイ"
+"ルが実行され、その出力が finger 発信者に送られます。"
+
+#. Type: boolean
+#. Description
+#: ../templates:1001
+msgid ""
+"This can be either desired or not, depending on your system policy. In "
+"particular, allowing .efingerd files allows users to cheat about their real "
+"identity. However, efingerd can be configured to display users' full names "
+"(from passwd) as the first line of the reply, so they cannot hide themselves "
+"completely."
+msgstr ""
+"これが望ましいかどうかはシステムのポリシーに依ります。特に、.efingerd ファイ"
+"ルを許可するとユーザが正体をごまかせるようになります。しかし、efingerd は応答"
+"の先頭行としてユーザのフルネーム (passwd から取得) を表示するように設定できる"
+"ため、自力で完全に隠してしまうことはできません。"
+
+#. Type: boolean
+#. Description
+#: ../templates:1001
+msgid ""
+"There is however a slight security concern: if you allow .efingerd files, "
+"these files will be executed under efingerd UID, so malicious users gain "
+"access to all files owned by efingerd - this becomes important when you make "
+"efingerd to log into some files writable by the daemon, unless you take "
+"appropriate precautions."
+msgstr ""
+"ただし、これにはわずかながらセキュリティの懸念があります: .efingerd ファイル"
+"を許可した場合、そういったファイルは efingerd の UID で実行されるため、悪意の"
+"あるユーザが efingerd の所有する全ファイルへのアクセスを獲得します - これは、"
+"デーモンにより書き込み可能な一部のファイルに efingerd が記録するようにしてい"
+"る場合、適切な予防措置を採っていない限り重大なことになります。"
+
+#. Type: boolean
+#. Description
+#: ../templates:1001
+msgid ""
+"If you are the only user, or you trust your users, there is no reason to "
+"disable .efingerd files (and this is probably a reason you want to install "
+"efingerd for). However, if you expect your users to be nasty, you should "
+"better think about protecting from them - in particular, if you enable "
+"logging, make sure they cannot fiddle with the logfile - this is UP TO YOU."
+msgstr ""
+"自分が唯一のユーザ、あるいはユーザを信頼している場合は、.efingerd ファイルを"
+"無効にする理由はありません (また、これが恐らく efingerd をインストールしよう"
+"と思った理由でしょう)。しかし、ユーザに悪意があることが予期されるのであれば、"
+"その防護策について考慮しておいた方が良いでしょう - 特にログ取得を有効にする場"
+"合は、そのログファイルをユーザから操作できることのないようにしてください - こ"
+"れは*あなた次第です*。"
+
+#. Type: boolean
+#. Description
+#: ../templates:2001
+msgid "Display users' real names?"
+msgstr "ユーザの本名を表示しますか?"
+
+#. Type: boolean
+#. Description
+#: ../templates:2001
+msgid ""
+"By default, efingerd displays users real names (from passwd) as the first "
+"line of finger reply. You may want to suppress it, but if you allow the use "
+"of .efingerd files at the same time, be aware that users can hide their "
+"identity for the fingerer."
+msgstr ""
+"デフォルトで efingerd は finger 応答の先頭行で (passwd から) ユーザの本名を表"
+"示します。これは抑制することができますが、同時に .efingerd ファイルの使用を許"
+"可した場合は、ユーザは finger 発信者に対して正体を隠すことができるということ"
+"に留意してください。"
+
+#. Type: boolean
+#. Description
+#: ../templates:2001
+msgid "If in doubt, select this option."
+msgstr "疑問がある場合はこれを選択してください。"