Debian Security Advisory
DLA-489-1 ruby-mail -- LTS security update
- Date Reported:
- 25 May 2016
- Affected Packages:
- Security database references:
- No other external database security references currently available.
- More information:
This security update fixes a security issue in ruby-mail. We recommend you upgrade your ruby-mail package.
Takeshi Terada (Mitsui Bussan Secure Directions, Inc.) released a whitepaper entitled
SMTP Injection via recipient email addresses(http://www.mbsd.jp/Whitepaper/smtpi.pdf). This whitepaper has a section discussing how one such vulnerability affected the
Whitepaper has all the specific details, but basically the
For Debian 7
Wheezy, these problems have been fixed in version 2.4.4-2+deb7u1.
Further information about Debian LTS security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS