It is reported that procmail has a similar flaw to sudo's CVE-2014-9680 in that procmail whitelists TZ values incorrectly. External references: http://openwall.com/lists/oss-security/2014/10/15/24 https://sources.debian.net/src/procmail/3.22-20%2Bdeb7u1/config.h/?hl=22#L13 http://seclists.org/oss-sec/2015/q1/533
Created procmail tracking bugs for this issue: Affects: fedora-all [bug 1203601]
CVE-2014-9681 has been rejected. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue.