mail(1) processes command escapes also if used non-interactively
Bug #1948712 reported by
Christian Franke
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mailutils (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Steps to reproduce:
$ printf 'test:\n~! echo ALERT\nbye!\n' | mail TO_SOME_ADDRESS
Observed: "ALERT" is printed to standard output.
Expected: String "~! echo ALERT" shall be send as second line of the mail.
Command escapes should only be processed if used interactively.
Related security issues:
https:/
https:/
Fixed in mailutils 3.13, see https:/
Regards,
Christian Franke
smartmontools.org
To post a comment you must log in.
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https:/ /wiki.ubuntu. com/SecurityTea m/UpdateProcedu res