Package: mailutils
Version: 1:3.10-3

Steps to reproduce:

$ printf 'test:\n~! echo ALERT\nbye!\n' | mail TO_SOME_ADDRESS

Observed: "ALERT" is printed to standard output.
Expected: String "~! echo ALERT" shall be sent as second line of the mail.

Command escapes should only be processed if used interactively.

Related security issues:
https://security-tracker.debian.org/tracker/CVE-2021-32749
https://www.smartmontools.org/ticket/1535

Fixed in mailutils 3.13, see https://savannah.gnu.org/bugs/?60937
If possible, please backport the fix to (old)stable.

Regards,
Christian Franke
smartmontools.org
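
A caller-side mitigation for the behaviour reported above, as an added example that is not part of the original report or of mailutils: a wrapper that keeps text piped to mail(1) from ever having the escape character in column one. It assumes the default escape character `~`; `MAILER`, `find_tilde_lines`, `neutralize_tilde` and `safe_mail` are hypothetical names.

```shell
#!/bin/sh
# Added example: defuse tilde escapes in text piped to mail(1).
# An affected mail(1) acts on lines starting with "~" even when stdin is a
# pipe, so the caller makes sure no body line starts with that character.

# Assumption of this sketch: name of the mail(1) binary to invoke.
MAILER="${MAILER:-mail}"

# Print the line numbers of stdin lines that begin with "~".
# Exit status 0 if at least one was found, 1 otherwise (usable for alerting).
find_tilde_lines() {
    awk '/^~/ { print NR; found = 1 } END { exit found ? 0 : 1 }'
}

# Copy stdin to stdout, putting one space in front of every line that
# begins with "~". The text stays readable, and the result is the same
# whether or not the installed mail(1) already carries the fix.
neutralize_tilde() {
    sed 's/^~/ ~/'
}

# safe_mail SUBJECT RECIPIENT   (body is read from stdin)
# Refuses a recipient that starts with "-" so it cannot be parsed as an
# option, then sends the neutralized body.
safe_mail() {
    subject=$1
    rcpt=$2
    case $rcpt in
        ''|-*) echo "safe_mail: refusing recipient '$rcpt'" >&2; return 2 ;;
    esac
    neutralize_tilde | "$MAILER" -s "$subject" "$rcpt"
}
```

With this in place, the reproduction input from the report reaches mail(1) with ` ~! echo ALERT` as its second line, which no longer begins with the escape character.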
