Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 406175

Summary: net-mail/notmuch-0.10.2: Backport security fixes from 0.11.1
Product: Gentoo Linux Reporter: Amadeusz Żołnowski (RETIRED) <aidecoe>
Component: New packagesAssignee: Amadeusz Żołnowski (RETIRED) <aidecoe>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 405417    

Description Amadeusz Żołnowski (RETIRED) gentoo-dev 2012-02-28 16:41:40 UTC 
From NEWS file:
> Quote MML tags in replies
>
>  MML tags are text codes that Emacs uses to indicate attachments
>  (among other things) in messages being composed.  The Emacs
>  interface did not quote MML tags in the quoted text of a reply.
>  User could be tricked into replying to a maliciously formatted
>  message and not editing out the MML tags from the quoted text.  This
>  could lead to files from the user's machine being attached to the
>  outgoing message.  The Emacs interface now quotes these tags in
>  reply text, so that they do not effect outgoing messages.

Reproducible: Always
Comment 1 Amadeusz Żołnowski (RETIRED) gentoo-dev 2012-02-29 07:43:40 UTC 
Fixed in notmuch-0.10.2-r2.