Source: procmail Version: 3.22-19 Severity: important Tags: security upstream
Hi Jakub Wilk reported on oss-security that procmail has unsafe handling of the TZ environment variable, see http://openwall.com/lists/oss-security/2014/10/15/24 https://sources.debian.net/src/procmail/3.22-20%2Bdeb7u1/config.h/?hl=22#L13 and http://seclists.org/oss-sec/2015/q1/533 This issue has got CVE-2014-9681 assigned. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org