diff options
author | Aaron Ecay <aaronecay@gmail.com> | 2012-02-03 11:24:08 +0100 |
---|---|---|
committer | David Bremner <bremner@debian.org> | 2012-02-03 08:26:41 -0400 |
commit | ae438ccd8c77831158c7c30f19710d798ee4a6b4 (patch) | |
tree | 09c467568c2805a27bdd6c7deacf8305423d8e53 /NEWS | |
parent | 3f2050ac221a4c940c12442f156f12fff11600c6 (diff) |
emacs: quote MML tags in replies
Emacs message-mode uses certain text strings to indicate how to attach
files to outgoing mail. If these are present in the text of an email,
and a user is tricked into replying to the message, the user’s files
could be exposed.
Edited-by: Pieter Praet <pieter@praet.org>: Rebased to release branch.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 11 |
1 files changed, 11 insertions, 0 deletions
@@ -11,6 +11,17 @@ Fix error handling in python bindings. exceptions to indicate the error condition. Any subsequent calls into libnotmuch caused segmentation faults. +Quote MML tags in replies + + MML tags are text codes that Emacs uses to indicate attachments + (among other things) in messages being composed. The Emacs + interface did not quote MML tags in the quoted text of a reply. + User could be tricked into replying to a maliciously formatted + message and not editing out the MML tags from the quoted text. This + could lead to files from the user's machine being attached to the + outgoing message. The Emacs interface now quotes these tags in + reply text, so that they do not effect outgoing messages. + Notmuch 0.11 (2012-01-13) ========================= |