$OpenBSD: patch-pine_mailcap_c,v 1.4 2005/04/29 19:51:35 jakob Exp $
--- pine/mailcap.c.orig	Wed Nov  3 21:11:17 2004
+++ pine/mailcap.c	Fri Apr 29 19:49:47 2005
@@ -993,14 +993,18 @@ mc_cmd_bldr(controlstring, type, subtype
 		     * have to put those outside of the single quotes.
 		     * (The parm+1000 nonsense is to protect against
 		     * malicious mail trying to overlow our buffer.)
+		     *
+		     * TCH - Change 2/8/1999
+		     * Also quote the ` slash to prevent execution of arbitrary code
 		     */
 		    for(p = parm; *p && p < parm+1000; p++){
-			if(*p == '\''){
+			if((*p == '\'') || (*p=='`')) {
 			    *to++ = '\'';  /* closing quote */
 			    *to++ = '\\';
-			    *to++ = '\'';  /* below will be opening quote */
-			}
-			*to++ = *p;
+			    *to++ = *p;		/* quoted character */
+			    *to++ = '\'';	/* opening quote */
+			} else
+			    *to++ = *p;
 		    }
 
 		    fs_give((void **) &parm);
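Review bot: The write side of this loop has no bound visible in the hunk: reading stops at `parm+1000`, but every `'` or backquote emits four bytes through `to`, so the destination needs room for about 4000 bytes plus the surrounding quotes. The worst-case expansion is the same as before the change, but the buffer `to` points into is declared outside the hunk, so its size should be confirmed there, or the loop condition given a remaining-space test against the end of that buffer. The added comment also calls the character a "slash" when it is the backquote; I would word it as `Also escape the backquote so a parameter value cannot start a command substitution`. As a style point, the unbraced `} else` next to a braced `if` is easy to misread in a quoting routine, and `} else {` with a closing brace would match the rest of the loop.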
