Candidate: CVE-2013-4479
PublicDate: 2013-12-07 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4479
 https://github.com/sup-heliotrope/sup/commit/ca0302e0c716682d2de22e9136400c704cc93e42
Description:
 lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1
 allows remote attackers to execute arbitrary commands via shell
 metacharacters in the content_type of an email attachment.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728232
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_sup-mail:
upstream_sup-mail: needs-triage
lucid_sup-mail: ignored (reached end-of-life)
precise_sup-mail: ignored (reached end-of-life)
precise/esm_sup-mail: DNE (precise was needed)
quantal_sup-mail: ignored (reached end-of-life)
raring_sup-mail: ignored (reached end-of-life)
saucy_sup-mail: ignored (reached end-of-life)
trusty_sup-mail: not-affected (0.12.1+git20120407.aaa852f-1+deb7u1)
trusty/esm_sup-mail: DNE (trusty was not-affected [0.12.1+git20120407.aaa852f-1+deb7u1])
utopic_sup-mail: DNE
vivid_sup-mail: DNE
vivid/stable-phone-overlay_sup-mail: DNE
vivid/ubuntu-core_sup-mail: DNE
wily_sup-mail: DNE
xenial_sup-mail: not-affected (0.22.1-1)
yakkety_sup-mail: not-affected (0.22.1-1)
zesty_sup-mail: not-affected (0.22.1-1)
devel_sup-mail: not-affected (0.22.1-1)