On 04/20/16 at 08:32pm, Jakub Wilk wrote:
> Package: mutt-kz
> Version: 1.5.23.1-7
> Tags: security
>
> The attached program calls "apt-get moo", but when viewed in mutt's builtin
> pager, it looks like a hello world program:
The very same happens with the original mutt (mutt-org). Thous, this issue
belongs to mutt and all its flavors.
>
> #include <stdio.h>
> #include <stdlib.h>
>
> int main(int argc, char **argv)
> {
> /* Copyright © 2016 Jakub Wilk <[email protected]>
> */
> printf("Hello world!\n");
> return 0;
> }
>
>
> Curiously, AFAICS this doesn't happen for other text/* media types.
>
>
> -- System Information:
> Debian Release: stretch/sid
> APT prefers unstable
> APT policy: (990, 'unstable'), (500, 'experimental')
> Architecture: i386 (x86_64)
> Foreign Architectures: amd64
>
> Kernel: Linux 4.4.0-1-amd64 (SMP w/2 CPU cores)
> Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: sysvinit (via /sbin/init)
>
> Versions of packages mutt-kz depends on:
> ii libassuan0 2.4.2-3
> ii libc6 2.22-7
> ii libcomerr2 1.43~WIP.2016.03.15-2
> ii libgnutls30 3.4.11-3
> ii libgpg-error0 1.21-2
> ii libgpgme11 1.6.0-1
> ii libgssapi-krb5-2 1.13.2+dfsg-5
> ii libidn11 1.32-3
> ii libk5crypto3 1.13.2+dfsg-5
> ii libkrb5-3 1.13.2+dfsg-5
> ii libncursesw5 6.0+20160319-1
> ii libnotmuch4 0.21-3+b1
> ii libsasl2-2 2.1.26.dfsg1-15
> ii libtinfo5 6.0+20160319-1
> ii libtokyocabinet9 1.4.48-10
> ii mutt 1.5.24-1+b1
> #include <stdio.h>
> #include <stdlib.h>
>
> int main(int argc, char **argv)
> {
> /* Copyright © 2016 Jakub Wilk <[email protected]>
> */
> printf("Hello world!\n");
> return 0;
> }
