f07bd47521
arbitrary code execution. Details at http://groups.google.com/group/mail-ruby/browse_thread/thread/e93bbd05706478dd OK ajacoutot@
23 lines
648 B
Plaintext
23 lines
648 B
Plaintext
$OpenBSD: patch-lib_mail_rb,v 1.1 2011/02/10 01:39:47 jeremy Exp $
|
|
|
|
Fix for "Vulnerability in Sendmail Delivery Agent code".
|
|
|
|
--- lib/mail.rb.orig Wed Dec 31 16:00:00 1969
|
|
+++ lib/mail.rb Wed Feb 9 09:22:07 2011
|
|
@@ -2,6 +2,7 @@
|
|
module Mail # :doc:
|
|
|
|
require 'date'
|
|
+ require 'shellwords'
|
|
|
|
require 'active_support'
|
|
require 'active_support/core_ext/hash/indifferent_access'
|
|
@@ -31,6 +32,7 @@ module Mail # :doc:
|
|
require 'mail/version'
|
|
|
|
require 'mail/core_extensions/nil'
|
|
+ require 'mail/core_extensions/shellwords' unless String.new.respond_to?(:shellescape)
|
|
require 'mail/core_extensions/string'
|
|
|
|
require 'mail/patterns'
|