Hi, I could not reproduce the attack. The ruby2.3 interpreter in Debian received a patch preventing SMTP command injections
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864860 So this package used in conjunction with the Debian version of the ruby interpreter in stretch or unstable/testing is not vulnerable. Cheers, Cédric
signature.asc
Description: PGP signature
_______________________________________________ Pkg-ruby-extras-maintainers mailing list Pkg-ruby-extras-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers