Debian DSA-2416-1 : notmuch - information disclosure

High severity, Nessus Plugin ID 58110

Synopsis

The remote Debian host is missing a security-related update.

Description

It was discovered that Notmuch, an email indexer, did not sufficiently escape Emacs MML tags. When using the Emacs interface, a user could be tricked into replying to a maliciously formatted message, which could lead to files from the local machine being attached to the outgoing message.

Solution

Upgrade the notmuch packages.

For the stable distribution (squeeze), this problem has been fixed in version 0.3.1+squeeze1.

See Also

https://packages.debian.org/source/squeeze/notmuch

https://www.debian.org/security/2012/dsa-2416

Plugin Details

Severity: High

ID: 58110

File Name: debian_DSA-2416.nasl

Version: 1.8

Type: local

Agent: unix

Published: 2/24/2012

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:notmuch, cpe:/o:debian:debian_linux:6.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 2/22/2012

Reference Information

DSA: 2416