[DRE-maint] Bug#728232: sup-mail: remote command injection in content_type

Salvatore Bonaccorso carnil at debian.org
Tue Oct 29 19:44:57 UTC 2013


Package: sup-mail
Severity: grave
Tags: security upstream patch fixed-upstream

Hi

A remote command injection in sup-mail was reported, see [0] and [1]
for more details. Upstream also released new versions fixing this
issue, see [3] for the diff between 0.13.2 and 0.13.2.1.

 [0] http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html
 [1] http://seclists.org/fulldisclosure/2013/Oct/272
 [2] http://article.gmane.org/gmane.comp.security.oss.general/11389
 [3]  https://github.com/sup-heliotrope/sup/compare/release-0.13.2...release-0.13.2.1

(A CVE was requested, in case it get assigned before of releasing a
fix, please include the CVE in your changelog).

Regards,
Salvatore



More information about the Pkg-ruby-extras-maintainers mailing list