Control: retitle -1 sup-mail: CVE-2013-4478 and CVE-2013-4479

Actually I was not correct, there should be two issues:

CVE-2013-4478: For the issue specifically covered in
http://seclists.org/fulldisclosure/2013/Oct/att-272/whatsup.txt which
is
https://github.com/sup-heliotrope/sup/commit/8b46cdbfc14e07ca07d403aa28b0e7bc1c544785
(security: shellwords escape attachment file names to prevent remote
code execution).

CVE-2013-4479:
https://github.com/sup-heliotrope/sup/commit/ca0302e0c716682d2de22e9136400c704cc93e42
(security: prevent remote command injection in content_type)

See http://www.openwall.com/lists/oss-security/2013/10/30/2 for the
correction of this.

Regards,
Salvatore
