Re: [SECURITY] [DSA 1336-1] New mozilla-firefox packages fix several vulnerabilities
> CVE-2007-1282
>
> It was discovered that an integer overflow in text/enhanced message
> parsing allows the execution of arbitrary code.
Isn't text/enhanced long forgotten for good? It has never been formally
registered, btw, see http://www.iana.org/assignments/media-types/text . I
suggest the corresponding handler code should be removed (if the
maintainers can persuade their upstreams), to decrease
support burden, and the applications be thus falling back to text/plain .
VKh
Reply to: