Summary: | <net-mail/mailutils-3.12-r3: mail(1) processes escape sequences in bodies non-interactively, possible RCE | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hank Leininger <hlein> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | eras |
Priority: | Normal | Flags: | nattka:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://savannah.gnu.org/bugs/index.php?60937 | ||
Whiteboard: | B1 [glsa+] | ||
Package list: |
net-mail/mailutils-3.12-r3
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 802513 |
Description
Hank Leininger
2021-07-19 08:51:31 UTC
Bumped in https://bugs.gentoo.org/802513#c12. @eras, let us know when ready to stable. Unable to check for sanity:
> disallowed package spec (only = allowed): <net-mail/mailutils-3.12-r3
All sanity-check issues have been resolved arm done ppc done ppc64 done sparc done amd64 done x86 done arm64 done all arches done Please cleanup, thanks! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b12959127f779d6ee0fb3c15fd96be2f24e74913 commit b12959127f779d6ee0fb3c15fd96be2f24e74913 Author: Eray Aslan <eras@gentoo.org> AuthorDate: 2021-08-02 10:58:50 +0000 Commit: Eray Aslan <eras@gentoo.org> CommitDate: 2021-08-02 10:58:50 +0000 net-mail/mailutils: cleanup Bug: https://bugs.gentoo.org/802867 Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Eray Aslan <eras@gentoo.org> net-mail/mailutils/mailutils-3.12-r2.ebuild | 143 ---------------------------- 1 file changed, 143 deletions(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=3e4a6266341c7f754ede0bb2d3c6a7f37daef958 commit 3e4a6266341c7f754ede0bb2d3c6a7f37daef958 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-10-19 05:47:33 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2023-10-19 05:48:22 +0000 [ GLSA 202310-13 ] GNU Mailutils: unexpected processsing of escape sequences Bug: https://bugs.gentoo.org/802867 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202310-13.xml | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) |