Bug#432932: metasend: Slightly exploitable MIME type setting

To: submit@bugs.debian.org
Subject: Bug#432932: metasend: Slightly exploitable MIME type setting
From: Jan-Benedict Glaw <jbglaw@lug-owl.de>
Date: Fri, 13 Jul 2007 10:49:21 +0200
Message-id: <[🔎] 20070713084921.GB11809@lug-owl.de>
Mail-followup-to: submit@bugs.debian.org
Reply-to: Jan-Benedict Glaw <jbglaw@lug-owl.de>, 432932@bugs.debian.org

Package: metamail
Version: 2.7-53

Hi!

I hope that the MIME type supplied to metasend will always
come from a trusted source:

jbglaw@lnxp-1008:~$ metasend -b -s "Some subject" -o xxxx		\
			-F "jbglaw@lug-owl.de"				\
			-m 'foo/bar; name="xxx echo you are dead"'	\
			-e quoted-printable -f /dev/null		\
			-t "jbglaw@lug-owl.de"
you are dead
jbglaw@lnxp-1008:~$ 

This is due the use of `eval', which is a typo and should be spelled
like `evil' ...

MfG, JBG

-- 
      Jan-Benedict Glaw      jbglaw@lug-owl.de              +49-172-7608481
 Signature of:                    Don't believe in miracles: Rely on them!
 the second  :

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: Bug#344311: marked as done (libmxml-dev: the man documentation makes the developer write bug?)
Next by Date: Bug#432932: metasend: Slightly exploitable MIME type setting
Previous by thread: Bug#344311: marked as done (libmxml-dev: the man documentation makes the developer write bug?)
Next by thread: Bug#432932: metasend: Slightly exploitable MIME type setting
Index(es):
- Date
- Thread