CVE-2012-1103

Name of the Vulnerable Software and Affected Versions Notmuch versions prior to 0.11.1

Description The issue allows user-assisted remote attackers to read arbitrary files via crafted MML tags. When using the Emacs interface, these tags are not properly quoted in an email reply, which can cause the files to be attached to the message.

Recommendations For versions prior to 0.11.1, update to version 0.11.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted MML tags in email replies until the update is applied.