
[roessler@guug.de: Re: debian freeze / mutt]



----- Forwarded message from Thomas Roessler <roessler@guug.de> -----

Date: Tue, 16 Feb 1999 10:32:43 +0100
From: Thomas Roessler <roessler@guug.de>
To: "Marco d'Itri" <md@giano.linux.it>
Subject: Re: debian freeze / mutt
Message-ID: <19990216103242.B1309@sobolev.rhein.de>
References: <19990215160933.A29789@giano.com.dist.unige.it>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Mailer: Mutt 0.96i
In-Reply-To: <19990215160933.A29789@giano.com.dist.unige.it>

On Mon, Feb 15, 1999 at 04:09:33PM +0100, Marco d'Itri wrote:

>> What do you think about the fix to the /etc/mailcap security bug in
>> the last mutt release? The same bug has been reported on bugtraq
>> about PINE. The author asked me to package it for frozen.

> My understanding of that bug is that it involves having back-tick
> expressions within the mailcap commands.  That needs to be
> addressed by whatever packages installed those rules.

> Since only root can install into the global rule list, I don't see
> this as a real problem.  Please let me know if I don't understand
> something about this.

Debian should be able to guarantee all the mailcap entries which are
generated by packages on a Debian system are safe.  Additionally,
users may add their own bad mailcap entries, fetched from the net.
While I agree with Brian that this problem should really be fixed in
the mailcap file, I'd suggest MUAs at least implement some security
measures.

Additionally, 0.95.[23] fixes a problem which led to mail loss when
writing messages to the mbox folder failed.  Error checking... ;)

I'd really like to see 0.95.3 (or, for that matter, 0.95.2 - the
difference lies in some minor bug-fixes, mostly related to thread
collapsing) in frozen.

tlr
-- 
Thomas Roessler · 74a353cc0b19 · dg1ktr · http://home.pages.de/~roessler/
     2048/CE6AC6C1 · 4E 04 F0 BC 72 FF 14 23 44 85 D1 A1 3B B0 73 C1

----- End forwarded message -----
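
An added example, not part of the forwarded message and not code from mutt or Debian: a small audit that parses mailcap entries and reports commands containing the back-tick expressions discussed above. The sample entries and command names are constructed, and the "high"/"review" grading is an assumption of this example.

```python
import re

# Constructed sample in mailcap (RFC 1524) syntax; not taken from any real package.
SAMPLE = r"""
# comment line
text/html; lynx -dump %s; copiousoutput
text/plain; view-text `charset-helper %{charset}` %s; \
    test=test -n "$DISPLAY"
image/*; display %s; test=test -n "`echo $DISPLAY`"
application/x-demo; demo-viewer 'a\;b' %s
"""

COMMAND_FIELDS = {"test", "compose", "composetyped", "edit", "print"}  # command-valued fields
BACKTICK_SPAN = re.compile(r"`[^`]*`?")          # closed or unterminated substitution
EXPANSION = re.compile(r"%(s|t|\{[^}]*\})")      # %s, %t, %{param}

def logical_lines(text):
    """Join backslash-continued lines; skip blank lines and comments."""
    buf = ""
    for raw in text.splitlines():
        if raw.endswith("\\"):
            buf += raw[:-1]
            continue
        line, buf = (buf + raw).strip(), ""
        if line and not line.startswith("#"):
            yield line

def split_fields(line):
    """Split on ';' while keeping backslash-escaped characters inside a field."""
    return [f.strip() for f in re.findall(r"(?:\\.|[^;\\])+", line) if f.strip()]

def audit(text):
    """Return (mime_type, field, severity) for each command holding a back-tick."""
    findings = []
    for line in logical_lines(text):
        fields = split_fields(line)
        if len(fields) < 2:
            continue
        commands = [("view", fields[1])]
        for extra in fields[2:]:
            name, sep, value = extra.partition("=")
            if sep and name.strip().lower() in COMMAND_FIELDS:
                commands.append((name.strip().lower(), value.strip()))
        for name, cmd in commands:
            # Assumed grading: a %-expansion inside the substitution is "high".
            if spans := BACKTICK_SPAN.findall(cmd):
                high = any(EXPANSION.search(s) for s in spans)
                findings.append((fields[0], name, "high" if high else "review"))
    return findings
```

Running `audit()` over the contents of `/etc/mailcap` or a user's `~/.mailcap` gives a list of entries to inspect by hand.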

