Package: procmail
Version: 3.22-23
Tags: security

procmail preserves the TZ variable from the user's environment, without any sanitization. This is a bad idea on glibc systems, where you can set TZ to an arbitrary file, which will then be read by tzset(3).

This can be abused for denial of service (by pointing TZ to a named pipe or a tape device that wouldn't be otherwise readable); or it could allow exploiting tzfile parsing bugs (such as #772705).

--
Jakub Wilk
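
One way a program that keeps TZ could vet it first, as an added example that is not part of the original report and is not procmail's code. The function names, the 64-byte limit and the accepted character set are assumptions chosen for this sketch; the policy is to keep only values that, if treated as a file name, are relative and contain no "." or ".." components.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for unsetenv() */
#endif
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#define TZ_MAX_LEN 64   /* assumed limit, chosen for this example */

/* Return 1 if TZ is a relative zone name or POSIX rule string, else 0. */
int tz_is_safe(const char *tz)
{
    size_t len, seg = 0, i;
    if (tz == NULL)
        return 0;
    if (*tz == ':')              /* ":file" form, skip the marker */
        tz++;
    len = strlen(tz);
    if (len == 0 || len > TZ_MAX_LEN || tz[0] == '/')
        return 0;                /* empty, oversized or absolute path */
    for (i = 0; i <= len; i++) {
        unsigned char c = (unsigned char)tz[i];
        if (c == '/' || c == '\0') {
            /* reject empty, "." and ".." path components */
            if (seg == 0 || (seg <= 2 && strspn(tz + i - seg, ".") >= seg))
                return 0;
            seg = 0;
        } else if (isalnum(c) || strchr("_+-.,:<>", c) != NULL) {
            seg++;               /* character allowed in zone names/rules */
        } else {
            return 0;            /* spaces, control characters, etc. */
        }
    }
    return 1;
}

/* Remove TZ unless it passes tz_is_safe(); returns 0 if it was removed. */
int scrub_tz(void)
{
    const char *tz = getenv("TZ");
    if (tz == NULL || tz_is_safe(tz))
        return 1;
    unsetenv("TZ");
    return 0;
}

int main(void) { return scrub_tz() ? 0 : 1; }   /* status 1: TZ dropped */
```

The scrub has to run before the first call that triggers tzset(3), such as localtime(3).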

