|Package(s):||sup-mail||CVE #(s):||CVE-2013-4478 CVE-2013-4479|
|Created:||December 1, 2013||Updated:||December 4, 2013|
|Description:||joernchen of Phenoelit discovered two command injection flaws in Sup, a
console-based email client. An attacker might execute arbitrary command
if the user opens a maliciously crafted email.
From the Debian advisory:
CVE-2013-4478: Sup wrongly handled the filename of attachments.
CVE-2013-4479: Sup did not sanitize the content-type of attachments.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds