Package: bsd-mailx Version: 8.1.2-0.20111106cvs-1+deb7u1 Severity: normal Dear Maintainer,
Having just updated to DSA-3104-1, it seems that command execution can still be obtained with the -I option and ~! expansion e.g. perl -e 'print "hello\n~!ls>file\nbye\n"' | mailx recip1 -I recip2 and I wonder whether this is something to worry about. I apologize if my worries are unwarranted and I made useless noise. Thanks, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- System Information: Debian Release: 7.7 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (x86_64) Kernel: Linux 3.2.63-pk06.26-amd64 (SMP w/32 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash Versions of packages bsd-mailx depends on: ii base-files 7.1wheezy7 ii libbsd0 0.4.2-1 ii libc6 2.13-38+deb7u6 ii liblockfile1 1.09-5 ii sendmail-bin [mail-transport-agent] 8.14.4-4 bsd-mailx recommends no packages. bsd-mailx suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
