On 06 Oct 2021 21:45:08, Sergey Poznyakoff wrote: >> I recently learned of a vulnerability where an arbitrary command can >> be executed by root if the body of an email passed to `mail` contains >> unsanitized ~! or ~| escapes. > > This has been fixed on July 19 (commit 4befcfd015). The fix is included > in version 3.13. Please, upgrade.
Thanks Sergey! For the convenience of those who find this conversation later, here's the link to the commit: https://git.savannah.gnu.org/cgit/mailutils.git/commit/?id=4befcfd015256c568121653038accbd84820198f And the relevant bug report: https://savannah.gnu.org/bugs/?60937 Regards, Quinn
