Package: sup-mail Severity: grave Tags: security upstream patch fixed-upstream
Hi A remote command injection in sup-mail was reported, see [0] and [1] for more details. Upstream also released new versions fixing this issue, see [3] for the diff between 0.13.2 and 0.13.2.1. [0] http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html [1] http://seclists.org/fulldisclosure/2013/Oct/272 [2] http://article.gmane.org/gmane.comp.security.oss.general/11389 [3] https://github.com/sup-heliotrope/sup/compare/release-0.13.2...release-0.13.2.1 (A CVE was requested, in case it get assigned before of releasing a fix, please include the CVE in your changelog). Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
