Package: minimalist
Version: 2.5.2-1
It seems that minimalist isn't properly quoting metacharacters when
processing email subjects.
For example, if I send a message to minimalist with subject "((((", I
get this error back:
> This message was created automatically by mail delivery software.
>
> A message that you sent could not be delivered to one or more of its
> recipients. This is a permanent error. The following address(es)
> failed:
>
> pipe to |/usr/bin/minimalist generated by [EMAIL PROTECTED] local
> delivery failed
>
> The following text was generated during the delivery attempt:
>
> ------ pipe to |/usr/bin/minimalist generated by
> [EMAIL PROTECTED] ------
>
> Unmatched ( in regex; marked by <-- HERE in m/^(((( <-- HERE $/ at
> /usr/bin/minimalist line 771, <STDIN> line 13.
This could get dangerous with some more inventive use of regular
expressions (like the (?{...}) construct). Currently Perl safety
functions seem to prevent this bug from being exploitable, but people
usually recommend against passing unsanitized user-supplied strings as
regular expressions.
System information:
Debian release: Sarge
Architecture: i386
Kernel: Linux 2.4.33.3
ii minimalist 2.5.2-1
ii perl 5.8.4-8sarge5
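An added example, not code from minimalist or from the original report: it contrasts interpolating a subject straight into a pattern with quoting it via \Q...\E. The subroutine names and sample subjects are hypothetical; only the ^...$ pattern shape is taken from the error message above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-ins for a subject-matching step. The subject is
# attacker-controlled: it arrives in the mail header.

# Unsafe: the subject is interpolated as regex syntax.
sub match_unquoted {
    my ($subject, $candidate) = @_;
    # Runtime compilation of a bad pattern dies; catch it so it can be reported.
    my $hit = eval { $candidate =~ /^$subject$/ ? 1 : 0 };
    return $hit if defined $hit;
    my ($why) = $@ =~ /^(.*?) in regex/;
    return 'died (' . ($why // 'regex error') . ')';
}

# Safe: \Q...\E (quotemeta) turns every metacharacter into a literal.
sub match_quoted {
    my ($subject, $candidate) = @_;
    return $candidate =~ /^\Q$subject\E$/ ? 1 : 0;
}

# Constructed samples: [ subject taken from the mail, string it is compared to ]
my @cases = (
    [ 'subscribe', 'subscribe' ],        # no metacharacters: both agree
    [ '((((',      '((((' ],             # the subject from the report
    [ '.*',        'anything at all' ],  # compiles, but matches everything
    [ '(?{ 1 })',  '(?{ 1 })' ],         # code block: refused without "use re 'eval'"
);

for my $case (@cases) {
    my ($subject, $candidate) = @$case;
    printf "%-10s vs %-16s unquoted=%-50s quoted=%s\n",
        "'$subject'", "'$candidate'",
        match_unquoted($subject, $candidate),
        match_quoted($subject, $candidate);
}
```

The '.*' row shows why quoting matters even when nothing dies: the unquoted pattern matches a string the sender never named, while the quoted one compares literally.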