sup-mail: two command injection flaws
| Package(s): | sup-mail | CVE #(s): | CVE-2013-4478 CVE-2013-4479 | ||||
| Created: | December 1, 2013 | Updated: | December 4, 2013 | ||||
| Description: | joernchen of Phenoelit discovered two command injection flaws in Sup, a
console-based email client. An attacker might execute arbitrary command
if the user opens a maliciously crafted email.
From the Debian advisory: CVE-2013-4478: Sup wrongly handled the filename of attachments. CVE-2013-4479: Sup did not sanitize the content-type of attachments. | ||||||
| Alerts: |
| ||||||