DescriptionThe Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs168381

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libmailtools-perl (PTS)buster, stretch2.18-1fixed
bookworm, sid, bullseye2.21-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs

Search for package or bug name: Reporting problems