406175 – net-mail/notmuch-0.10.2: Backport security fixes from 0.11.1

Bug 406175 - net-mail/notmuch-0.10.2: Backport security fixes from 0.11.1

Summary: net-mail/notmuch-0.10.2: Backport security fixes from 0.11.1

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Amadeusz Żołnowski (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	405417
	Show dependency tree

Reported:	2012-02-28 16:41 UTC by Amadeusz Żołnowski (RETIRED)
Modified:	2012-02-29 07:43 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Amadeusz Żołnowski (RETIRED) gentoo-dev

2012-02-28 16:41:40 UTC

From NEWS file:
> Quote MML tags in replies
>
>  MML tags are text codes that Emacs uses to indicate attachments
>  (among other things) in messages being composed.  The Emacs
>  interface did not quote MML tags in the quoted text of a reply.
>  User could be tricked into replying to a maliciously formatted
>  message and not editing out the MML tags from the quoted text.  This
>  could lead to files from the user's machine being attached to the
>  outgoing message.  The Emacs interface now quotes these tags in
>  reply text, so that they do not effect outgoing messages.

Reproducible: Always

Comment 1 Amadeusz Żołnowski (RETIRED) gentoo-dev

2012-02-29 07:43:40 UTC

Fixed in notmuch-0.10.2-r2.