

Vulnerability in Sendmail Delivery Agent code in Mail, affects Rails - wlll
http://groups.google.com/group/mail-ruby/browse_thread/thread/e93bbd05706478dd?pli=1
"An attacker could craft an email address used to send out an email and inject code that would be executed by the system shell.

All users who are using sendmail to deliver their system email and running a 2.2.14 or earlier release of Mail should upgrade immediately."
======
rmoriz
Misleading subject: only the rubygem "mail" is affected. Not sendmail or
mail(8) itself.

~~~
wlll
Vulnerability in _Sendmail Delivery Agent code in Mail_

It affects the code in Mail that sends mail using the sendmail MTA.

~~~
rmoriz
It's not mail(8). It's just the rubygem "mail".

------
davidw
This is where having a centralized gem repository might come in handy... If
you have 15 projects, you're going to have to go update each and every one.

~~~
rmoriz
Usually you do a bundle install when deploying. If you've specified >= 2.2.14
in your Gemfile you just have to redeploy: "cap deploy".

Thanks to user wycats (+team) for bundler. :)

~~~
tomafro
You'll also have to do 'bundle update <broken-gem>', commit the resulting
Gemfile.lock and hopefully wait for your CI build to pass before deploying.
Doing that 15 times would be onerous.
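
Added example (not part of the thread, and not code from the Mail or Bundler projects): a Ruby check that reads the resolved `mail` version out of each project's `Gemfile.lock` and flags the releases the advisory names as affected (2.2.14 or earlier). The project names and lockfile contents are constructed samples; `locked_version` and `audit` are hypothetical helper names.

```ruby
# Added example: audit Gemfile.lock contents for an affected "mail" release.
require "rubygems" # Gem::Version (normally preloaded; explicit for clarity)

# From the advisory quoted at the top of the thread: 2.2.14 or earlier is affected.
LAST_AFFECTED = Gem::Version.new("2.2.14")

# Return the resolved version of `name` from Gemfile.lock text, or nil.
# Resolved gems sit under "specs:" at exactly four spaces of indent; the
# six-space lines below them are dependency constraints and are skipped.
def locked_version(lock_text, name)
  in_specs = false
  lock_text.each_line do |line|
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/ # a new top-level section (GEM, PLATFORMS, ...)
      in_specs = false
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)) && m[1] == name
      return Gem::Version.new(m[2])
    end
  end
  nil
end

# Classify each project as :affected, :ok, or :not_locked (gem absent).
def audit(projects)
  projects.each_with_object({}) do |(project, lock_text), report|
    version = locked_version(lock_text, "mail")
    report[project] =
      if version.nil? then :not_locked
      elsif version <= LAST_AFFECTED then :affected
      else :ok
      end
  end
end

# Constructed sample lockfiles (not taken from any real project).
SAMPLE_LOCKS = {
  "app-a" => <<LOCK_A,
GEM
  remote: http://rubygems.org/
  specs:
    actionmailer (3.0.3)
      mail (~> 2.2.9)
    mail (2.2.14)
LOCK_A
  "app-b" => "GEM\n  specs:\n    mail (2.3.0)\n",
  "app-c" => "GEM\n  specs:\n    rake (0.8.7)\n"
}

audit(SAMPLE_LOCKS).each { |project, status| puts "#{project}: #{status}" }
```

To run it over real checkouts, build the hash from `Dir.glob("*/Gemfile.lock")` and `File.read` instead of `SAMPLE_LOCKS`.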

