Package: mutt
Version: 1.5.9-2
Severity: normal
Tags: security

I just saved an attachment by the name =?ISO-8859-15?Q?=DCberraschung=2Ezip?= as it was received due to (improper?) encoding. The message ended up not in my pwd, but in $MAIL/?ISO-8859-15?Q?=DCberraschung=2Ezip?=

Being incautious, one could be tricked into overwriting mail folders. I'm not sure if the = -> $MAIL expansion is desired in the attachment menu at all (I don't think so), but it should for sure not be used with filenames supplied by remote parties.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.14.1
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)

Versions of packages mutt depends on:
ii  libc6                        2.3.2.ds1-22  GNU C Library: Shared libraries an
ii  libdb4.3                     4.3.27-2      Berkeley v4.3 Database Libraries [
ii  libgnutls11                  1.0.16-13.1   GNU TLS library - runtime library
ii  libidn11                     0.5.13-1.0    GNU libidn library, implementation
ii  libncursesw5                 5.4-4         Shared libraries for terminal hand
ii  libsasl2                     2.1.19-1.5    Authentication abstraction library
ii  postfix [mail-transport-age  2.1.5-9       A high-performance mail transport

-- no debconf information