File metamail-2.7-19-security.dif of Package metamail
--- metamail/metamail.c
+++ metamail/metamail.c	2006-02-23 18:56:04.000000000 +0100
@@ -445,7 +445,7 @@
         }
         LineBuf = malloc(LINE_BUF_SIZE);
         if (!LineBuf) ExitWithError(nomem);
-        sprintf(LineBuf, "--%s", boundary);
+        snprintf(LineBuf, LINE_BUF_SIZE, "--%s", boundary);
         strcpy(boundary, LineBuf);
         boundarylen = strlen(boundary);
         if (BoundaryCt >= BoundaryAlloc) {
@@ -1202,9 +1202,9 @@
     fprintf(outfp, "Content-type: %s", ContentType);
     for (j=0; j<CParamsUsed; ++j) {
         fprintf(outfp, " ; ");
-        fprintf(outfp, CParams[j]);
+        fprintf(outfp, "%s", CParams[j]);
         fprintf(outfp, " = ");
-        fprintf(outfp, CParamValues[j]);
+        fprintf(outfp, "%s", CParamValues[j]);
     }
     fprintf(outfp, "\n\n"); 
     TranslateInputToOutput(InputFP, outfp, EncodingCode, ContentType);
@@ -2022,7 +2022,8 @@
     if (lc2strcmp(charset, PrevCharset)) {
         char *s2, *charsetinuse;
 
-        strcpy(PrevCharset, charset);
+        strncpy(PrevCharset, charset, sizeof(PrevCharset));
+        PrevCharset[sizeof(PrevCharset) - 1] = '\0';
         for (s2=PrevCharset; *s2; ++s2) {
             if (isupper((unsigned char) *s2)) *s2 = tolower((unsigned char) *s2);
         }
@@ -2032,7 +2033,7 @@
         }
     }
     if (ecode == ENCODING_NONE) {
-        printf(txt+1);
+        printf("%s", txt+1);
     } else {
         /* What follows is REALLY bogus, but all my encoding stuff is pipe-oriented right now... */
         MkTmpFileName(TmpFile);
@@ -2115,7 +2116,7 @@
                         if (boundary[0] == '"') {
                             boundary=UnquoteString(boundary);
                         }
-                        sprintf(LineBuf, "--%s", boundary);
+                        snprintf(LineBuf, LINE_BUF_SIZE, "--%s", boundary);
                         strcpy(boundary, LineBuf);
                         boundarylen = strlen(boundary);
                         if (BoundaryCt >= BoundaryAlloc) {
--- metamail/splitmail.c
+++ metamail/splitmail.c	2006-02-23 18:55:01.000000000 +0100
@@ -194,7 +194,7 @@
 	s = endofheader(from);  /* would be index(from, '\n'),
 				 but need to check for continuation lines */
         *s = '\0';
-	if (ShareThisHeader(from, SubjectBuf, &OrigID)) {
+	if (ShareThisHeader(from, SubjectBuf, sizeof(SubjectBuf), &OrigID)) {
 	    strcat(SharedHeaders, from);
 	    strcat(SharedHeaders, "\n");
 	}
@@ -339,9 +339,10 @@
     NULL
 };
 
-ShareThisHeader(s, SubjectBuf, OrigID)
+ShareThisHeader(s, SubjectBuf, SubjectBufLen, OrigID)
 char *s;
 char *SubjectBuf;
+size_t SubjectBufLen;
 char **OrigID;
 {
     int i;
@@ -361,7 +362,8 @@
     }
     if (!ULstrcmp(s, "subject")) {
         *colon = ':';
-        strcpy(SubjectBuf, ++colon);
+        strncpy(SubjectBuf, ++colon, SubjectBufLen);
+        SubjectBuf[SubjectBufLen - 1] = '\0';
         return(0);
     }
     if (!ULstrcmp(s, "content-type")) {