Nico Golde wrote: >> The code in question is not present in the Debian package, because I have >> patched it to use run-mailcap or sensible-browser instead. > [...] > Thanks, that looks secure to me. I missed the patch when > looking at the package because its name does not imply any > security relevant changes.
No, because it wasn't meant to be. It was merely a fortunate side effect :-) > So thanks, I marked this as > not-affected in our security tracker and thus closing this > bug. Thanks. I also noticed from the Bugzilla report that the same problem exists in xdg-email. However, fortunately, I had also patched that script to use sensible-browser instead :-) -- Pelle -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
