Package: mutt-kz
Version: 1.5.23.1-7
Tags: security
The attached program calls "apt-get moo", but when viewed in mutt's
builtin pager, it looks like a hello world program:
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char **argv)
{
/* Copyright © 2016 Jakub Wilk <jw...@jwilk.net>
*/
printf("Hello world!\n");
return 0;
}
Curiously, AFAICS this doesn't happen for other text/* media types.
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 4.4.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages mutt-kz depends on:
ii libassuan0 2.4.2-3
ii libc6 2.22-7
ii libcomerr2 1.43~WIP.2016.03.15-2
ii libgnutls30 3.4.11-3
ii libgpg-error0 1.21-2
ii libgpgme11 1.6.0-1
ii libgssapi-krb5-2 1.13.2+dfsg-5
ii libidn11 1.32-3
ii libk5crypto3 1.13.2+dfsg-5
ii libkrb5-3 1.13.2+dfsg-5
ii libncursesw5 6.0+20160319-1
ii libnotmuch4 0.21-3+b1
ii libsasl2-2 2.1.26.dfsg1-15
ii libtinfo5 6.0+20160319-1
ii libtokyocabinet9 1.4.48-10
ii mutt 1.5.24-1+b1
--
Jakub Wilk
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char **argv)
{
/* Copyright © 2016 Jakub Wilk <jw...@jwilk.net> �*/system("apt-get
moo"); return 0;/*
* All rights reserved.
*/
printf("Hello world!\n");
return 0;
}
