Ferdy please provide an updated ebuild.
nbsmtp-1.00 (which fixes the problem) added with keywords:
alpha ~amd64 ~hppa ~ppc ~sparc x86
Arches please test and mark stable.
On further investigation, I am not sure this is a vulnerability at all. This is
an SMTP client, not a daemon, so the attack is local and may be used to elevate
privileges to... yourself ?
mmmm nope. A malicious server 'might' inject code; I had a:
where I should have:
Thanks for the details. Rerating B2. I'll ask for a CAN number to MITRE.
This is still missing the hppa keyword.
Stable on hppa
Ready for GLSA, waiting a little for the CAN number to be attributed.
Enough waiting, we'll add the CAN afterwards when it is attributed.