Control: retitle -1 sup-mail: CVE-2013-4478 and CVE-2013-4479 Actually I was not correct, there should be two issues:
CVE-2013-4478: For the issue specifically covered in http://seclists.org/fulldisclosure/2013/Oct/att-272/whatsup.txt which is https://github.com/sup-heliotrope/sup/commit/8b46cdbfc14e07ca07d403aa28b0e7bc1c544785 (security: shellwords escape attachment file names to prevent remote code execution). CVE-2013-4479: https://github.com/sup-heliotrope/sup/commit/ca0302e0c716682d2de22e9136400c704cc93e42 (security: prevent remote command injection in content_type) See http://www.openwall.com/lists/oss-security/2013/10/30/2 for the correction of this. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
