[Secure-testing-team] Bug#728232: sup-mail: remote command injection in content_type

Salvatore Bonaccorso carnil at debian.org
Tue Oct 29 19:44:57 UTC 2013


Package: sup-mail
Severity: grave
Tags: security upstream patch fixed-upstream

Hi

A remote command injection in sup-mail was reported, see [0] and [1]
for more details. Upstream also released new versions fixing this
issue, see [3] for the diff between 0.13.2 and 0.13.2.1.

 [0] http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html
 [1] http://seclists.org/fulldisclosure/2013/Oct/272
 [2] http://article.gmane.org/gmane.comp.security.oss.general/11389
 [3] https://github.com/sup-heliotrope/sup/compare/release-0.13.2...release-0.13.2.1

(A CVE was requested; in case it gets assigned before a fix is
released, please include the CVE in your changelog.)

Regards,
Salvatore


