-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 17 Dec 2014 17:09:52 +0100 Source: heirloom-mailx Binary: heirloom-mailx Architecture: source amd64 Version: 12.4-2+deb6u1 Distribution: squeeze-lts Urgency: high Maintainer: Hilko Bengen <bengen@debian.org> Changed-By: Raphaël Hertzog <hertzog@debian.org> Description: heirloom-mailx - feature-rich BSD mail(1) Changes: heirloom-mailx (12.4-2+deb6u1) squeeze-lts; urgency=high . * Non-maintainer upload by the Debian LTS Team. * Apply patches from Red Hat to address command execution issues: + 0011-outof-Introduce-expandaddr-flag.patch Disable command execution in email addresses (CVE-2014-7844) + 0012-unpack-Disable-option-processing-for-email-addresses.patch + 0013-fio.c-Unconditionally-require-wordexp-support.patch + 0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch (CVE-2004-2771) Checksums-Sha1: bc9db77f86ba7b01a96eeaa4c792cf03d17e861e 1420 heirloom-mailx_12.4-2+deb6u1.dsc 1b8a7bd92b1b048b05b5b440bf224fefb36c3960 10512 heirloom-mailx_12.4-2+deb6u1.diff.gz 7392f2fea5e6b5b56249a8ec546fde6729a50160 320002 heirloom-mailx_12.4-2+deb6u1_amd64.deb Checksums-Sha256: 43209b291a7f8cff2635759e29899a6d6b97bee0e604b2676f4af9db113c9c23 1420 heirloom-mailx_12.4-2+deb6u1.dsc f67938ca24681c41fbda5d1c6eff9f3b8c8922963fb205ad445bac141cb942ac 10512 heirloom-mailx_12.4-2+deb6u1.diff.gz e2753b9de124ae10234571b4ba12f6f1b8cd93b09348b56671e9caa0748ffab6 320002 heirloom-mailx_12.4-2+deb6u1_amd64.deb Files: e4333468897b03564113f9e01661b713 1420 mail optional heirloom-mailx_12.4-2+deb6u1.dsc aff5f15c8804f4889b9c150caa412936 10512 mail optional heirloom-mailx_12.4-2+deb6u1.diff.gz 4f9cc0622c85bc28e6c1c41caf5a77e2 320002 mail optional heirloom-mailx_12.4-2+deb6u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Signed by Raphael Hertzog iQEcBAEBAgAGBQJUka3pAAoJEAOIHavrwpq5TgsH/A4yuHXduTlVhUnEBKuFzIWH 6Qck6t+BySzFEFS0wo16rwA7793fcdmXWhLIiAuLwmAf6AxciysaAm61+QldNtzA 1RAaxX9nyRNKFwXNauQhIFrnspB7rQtN1dINytJ1Dqph9pLqxL6m7tQHIQAeM5Em LnfuXmqu5EMbuTx/7W0UZNJohsgUlVQyRCE1jJWjo08TaBODPFdiU2NuHw85e76Y nPVMbkEjNbJKP7/5pRVesW5s9GlT5IzZpkW/gMcXPHkKZJ81tcTfAI1huSZpLkg5 suwfJVtfo2gsILcx8ZKsTOqt25sJh/Nrahu07SBGcIZ5fRoKSD0fgTFnlEJjMHQ= =0DJi -----END PGP SIGNATURE-----