subject:"Bug#997840\: mailutils\: \[security\] mail\(1\) processes command escapes also if used non\-interactively"

Bug#997840: mailutils: [security] mail(1) processes command escapes also if used non-interactively

2021-10-25 Thread Jordi Mallach

tags 997840 + security thanks Hi Christian, El dl. 25 de 10 de 2021 a les 19:51 +0200, en/na Christian Franke va escriure: > Package: mailutils > Version: 1:3.10-3 > > Steps to reproduce: > > $ printf 'test:\n~! echo ALERT\nbye!\n' | mail TO_SOME_ADDRESS > > Observed: "ALERT" is printed to

Bug#997840: mailutils: [security] mail(1) processes command escapes also if used non-interactively

2021-10-25 Thread Christian Franke

Package: mailutils Version: 1:3.10-3 Steps to reproduce: $ printf 'test:\n~! echo ALERT\nbye!\n' | mail TO_SOME_ADDRESS Observed: "ALERT" is printed to standard output. Expected: String "~! echo ALERT" shall be send as second line of the mail. Command escapes should only be processed if used