On Tue, 27 Jan 2015 17:35:36 -0800
Isaac Dunham <ibid.ag_at_gmail.com> wrote:
> On Tue, Jan 27, 2015 at 04:15:35PM +0100, Natanael Copa wrote:
> > I'm bringing up this old issue because there are a couple of CVE issues:
> > http://seclists.org/oss-sec/2014/q4/1066
> > Do you think it would be possible to completely replace main/mailx with
> > heirloom-mailx without breaking too much? More specifically, does
> > heirloom/mailx' mail implementation support all the args in current
> > mail/mailx?
> > -nc
> heirloom-mailx does not mention -v in its help, but seems to accept it.
> Other options/arguments seem to be compatible.
I'm thinking how to do this for stable to fix the CVE issues. I looked
at backporting the patches to our version but that seems like alot of
work so I don't think that is a good option.
It seems that heirloom-mailx also introduces krb5 dependency. I think
we don't want that for stable, but it also looks like its optional.
The /etc/mail.rc has been renamed to /etc/nail.rc but I suppose we can
add a pre-upgrade script that will rename existing /etc/mail.rc
to /etc/nail.rc and add a symlink /etc/mail.rc.
There is also a heirloom-mailx fork named s-nail. I don't know if that
is a better alternative.
Received on Fri Jan 30 2015 - 13:46:01 UTC