Your message dated Sat, 24 May 2008 18:02:58 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#351890: fixed in mutt 1.5.18-1
has caused the Debian Bug report #351890,
regarding mutt: dangerous handling of attachment filenames
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
351890: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=351890
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: mutt
Version: 1.5.9-2
Severity: normal
Tags: security
I just saved an attachment by the name
=?ISO-8859-15?Q?=DCberraschung=2Ezip?=
as it was received due to (improper?) encoding. The message ended up
not in my pwd, but in $MAIL/?ISO-8859-15?Q?=DCberraschung=2Ezip?=
Being uncautious one could be tricked into overwriting mail folders.
I'm not sure if the = -> $MAIL expansion is desired in the attachment
menu at all (I don't think so), but it should for sure not be used with
filenames supplied by remote parties.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.14.1
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8)
Versions of packages mutt depends on:
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libdb4.3 4.3.27-2 Berkeley v4.3 Database Libraries [
ii libgnutls11 1.0.16-13.1 GNU TLS library - runtime library
ii libidn11 0.5.13-1.0 GNU libidn library, implementation
ii libncursesw5 5.4-4 Shared libraries for terminal hand
ii libsasl2 2.1.19-1.5 Authentication abstraction library
ii postfix [mail-transport-age 2.1.5-9 A high-performance mail transport
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: mutt
Source-Version: 1.5.18-1
We believe that the bug you reported is fixed in the latest version of
mutt, which is due to be installed in the Debian FTP archive:
mutt-dbg_1.5.18-1_amd64.deb
to pool/main/m/mutt/mutt-dbg_1.5.18-1_amd64.deb
mutt-patched_1.5.18-1_amd64.deb
to pool/main/m/mutt/mutt-patched_1.5.18-1_amd64.deb
mutt_1.5.18-1.diff.gz
to pool/main/m/mutt/mutt_1.5.18-1.diff.gz
mutt_1.5.18-1.dsc
to pool/main/m/mutt/mutt_1.5.18-1.dsc
mutt_1.5.18-1_amd64.deb
to pool/main/m/mutt/mutt_1.5.18-1_amd64.deb
mutt_1.5.18.orig.tar.gz
to pool/main/m/mutt/mutt_1.5.18.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christoph Berg <[EMAIL PROTECTED]> (supplier of updated mutt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 24 May 2008 19:36:44 +0200
Source: mutt
Binary: mutt mutt-patched mutt-dbg
Architecture: source amd64
Version: 1.5.18-1
Distribution: unstable
Urgency: low
Maintainer: Adeodato Simó <[EMAIL PROTECTED]>
Changed-By: Christoph Berg <[EMAIL PROTECTED]>
Description:
mutt - text-based mailreader supporting MIME, GPG, PGP and threading
mutt-dbg - debugging symbols for mutt
mutt-patched - the Mutt Mail User Agent with extra patches
Closes: 66096 191850 351890
Changes:
mutt (1.5.18-1) unstable; urgency=low
.
* New upstream version.
+ Query menu format is configurable. (Closes: #66096, Mutt: #170)
+ Quote attachment filenames starting with '='.
(Closes: #351890, Mutt: #1719)
+ Mention that References: and Date: cannot be changed in editor.
(Closes: #191850, Mutt: #1234).
* Refreshing patches from upstream: compressed-folders, sidebar.
* Update doc-base section.
Checksums-Sha1:
d44398f156b670fe11b35967276385c6ff3ee3d8 1251 mutt_1.5.18-1.dsc
a835a1933297494f2c6c68b9a334cc1d71a95e5a 3602632 mutt_1.5.18.orig.tar.gz
3ff8a9aac19641899fbd98fa28ced5d68ee55193 84336 mutt_1.5.18-1.diff.gz
eb8370045d13dd40351fb72bd4d5d0d8a8b079a1 1962998 mutt_1.5.18-1_amd64.deb
06df45f25f8877b95445fcb49ec8504bf81bc44a 385344 mutt-patched_1.5.18-1_amd64.deb
111d82036a2199c70cd703dbc67843f0c2cfeffb 1322848 mutt-dbg_1.5.18-1_amd64.deb
Checksums-Sha256:
c12a9e6257472a7d06fc0b19e30491358ca0e284487f013b6d2600be9b54b266 1251
mutt_1.5.18-1.dsc
8bb6d69ea2c72030b66ec9bb4bd4007ba6d8dc5f60fdfde7b712e2784e08bfb3 3602632
mutt_1.5.18.orig.tar.gz
66c92003308a401908c7f348f3a5aac6da9d197f8bc4cd1308ea49e634544ab6 84336
mutt_1.5.18-1.diff.gz
41356c9fd93eb94836d94e7f17b7ead25835dc9fc520f1d0bbd62c4c0aafe2de 1962998
mutt_1.5.18-1_amd64.deb
867d3dcabb628e1c0dcb3966b68d7ef489f28508a8917241acf658c2e8595302 385344
mutt-patched_1.5.18-1_amd64.deb
f4e9183ccd92b4b9e91c19e85db0aa86ec8426672c619382494243a6d04e132e 1322848
mutt-dbg_1.5.18-1_amd64.deb
Files:
faba3171386432616a391ea78116b613 1251 mail standard mutt_1.5.18-1.dsc
27c30037120189b9f9c0d3e76361b8f8 3602632 mail standard mutt_1.5.18.orig.tar.gz
1043abaa08260bb010ef83b765903dbc 84336 mail standard mutt_1.5.18-1.diff.gz
24168cb1fa2af42b36550c722314c2f5 1962998 mail standard mutt_1.5.18-1_amd64.deb
6793facaaf49d1f3d812df93d9b622f5 385344 mail extra
mutt-patched_1.5.18-1_amd64.deb
11c0da7819658f2bc3391ea12f1c4894 1322848 mail extra mutt-dbg_1.5.18-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIOFRbxa93SlhRC1oRApx4AKCWp1zKSabBkvGFuoyqnPsLHXnUWQCfeon4
eMCg68yjtzWqmNc1vumQDJQ=
=31mr
-----END PGP SIGNATURE-----
--- End Message ---
