Bug#546884: Privacy revealed - #304718 backfired
Artur R. Czechowski
arturcz at hell.pl
Wed Sep 16 19:32:13 UTC 2009
severity 546884 serious
thanks
Package: mutt
Version: 1.5.20-2
Severity: serious
Hello,
I believe this bug shall be set as serious (and I've just changed it
accordingly). Explanation follows.
I am using default setup of exim4 4.69-11+b1 with no modification, only
changeѕ are made using dpkg-reconfigure.
I have default /etc/Muttrc from mutt 1.5.20 and default setting
for sendmail parameter: /usr/sbin/sendmail -oem -oi
With such settings Bcc field has been revealed to all recipients.
I want to emphasise it: I have default configuration provided by Debian
and the bug appears.
They say: better safe than sorry. That's why default shall be set
to protect privacy. In case someone need to have unset write_bcc (as
submitter of mentioned 304718) he can set it on his own - taking all risks
into consideration.
Additionaly, I believe it shall be also fixed in stable release.
Best regards
Artur
-- Package-specific info:
Mutt 1.5.20 (2009-06-14)
Copyright (C) 1996-2009 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.
System: Linux 2.6.30-1-amd64 (x86_64)
ncurses: ncurses 5.7.20090803 (compiled with 5.7)
libidn: 1.15 (compiled with 1.15)
hcache backend: GDBM version 1.8.3. 10/15/2002 (built Jul 9 2009 11:48:41)
Compile options:
-DOMAIN
+DEBUG
-HOMESPOOL +USE_SETGID +USE_DOTLOCK +DL_STANDALONE +USE_FCNTL -USE_FLOCK
+USE_POP +USE_IMAP +USE_SMTP
-USE_SSL_OPENSSL +USE_SSL_GNUTLS +USE_SASL +USE_GSS +HAVE_GETADDRINFO
+HAVE_REGCOMP -USE_GNU_REGEX
+HAVE_COLOR +HAVE_START_COLOR +HAVE_TYPEAHEAD +HAVE_BKGDSET
+HAVE_CURS_SET +HAVE_META +HAVE_RESIZETERM
+CRYPT_BACKEND_CLASSIC_PGP +CRYPT_BACKEND_CLASSIC_SMIME +CRYPT_BACKEND_GPGME
-EXACT_ADDRESS -SUN_ATTACHMENT
+ENABLE_NLS -LOCALES_HACK +COMPRESSED +HAVE_WC_FUNCS +HAVE_LANGINFO_CODESET +HAVE_LANGINFO_YESEXPR
+HAVE_ICONV -ICONV_NONTRANS +HAVE_LIBIDN +HAVE_GETSID +USE_HCACHE
-ISPELL
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/mail"
PKGDATADIR="/usr/share/mutt"
SYSCONFDIR="/etc"
EXECSHELL="/bin/sh"
MIXMASTER="mixmaster"
To contact the developers, please mail to <mutt-dev at mutt.org>.
To report a bug, please visit http://bugs.mutt.org/.
patch-1.5.13.cd.ifdef.2
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30-1-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages mutt depends on:
ii libc6 2.9-26 GNU C Library: Shared libraries
ii libcomerr2 1.41.9-1 common error description library
ii libgdbm3 1.8.3-6 GNU dbm database routines (runtime
ii libgnutls26 2.8.3-2 the GNU TLS library - runtime libr
ii libgpg-error0 1.6-1 library for common error values an
ii libgpgme11 1.1.8-2 GPGME - GnuPG Made Easy
ii libgssapi-krb5-2 1.7dfsg~beta3-1 MIT Kerberos runtime libraries - k
ii libidn11 1.15-1 GNU Libidn library, implementation
ii libk5crypto3 1.7dfsg~beta3-1 MIT Kerberos runtime libraries - C
ii libkrb5-3 1.7dfsg~beta3-1 MIT Kerberos runtime libraries
ii libncursesw5 5.7+20090803-2 shared libraries for terminal hand
ii libsasl2-2 2.1.23.dfsg1-1.1 Cyrus SASL - authentication abstra
Versions of packages mutt recommends:
ii exim4 4.69-11 metapackage to ease Exim MTA (v4)
ii exim4-daemon-light [mai 4.69-11+b1 lightweight Exim MTA (v4) daemon
ii libsasl2-modules 2.1.23.dfsg1-1.1 Cyrus SASL - pluggable authenticat
ii locales 2.9-26 GNU C Library: National Language (
ii mime-support 3.46-1 MIME files 'mime.types' & 'mailcap
Versions of packages mutt suggests:
ii aspell 0.60.6-2 GNU Aspell spell-checker
ii ca-certificates 20090814 Common CA certificates
ii gnupg 1.4.10-1 GNU privacy guard - a free PGP rep
ii ispell 3.1.20.0-6 International Ispell (an interacti
pn mixmaster <none> (no description available)
ii openssl 0.9.8k-4 Secure Socket Layer (SSL) binary a
ii urlview 0.9-18 Extracts URLs from text
Versions of packages mutt is related to:
ii mutt 1.5.20-2 text-based mailreader supporting M
pn mutt-dbg <none> (no description available)
pn mutt-patched <none> (no description available)
-- no debconf information
--
There are only 10 types of people in the world:
Those who understand binary and those who don't.
/unknown/
More information about the Pkg-exim4-maintainers
mailing list