diff -up notmuch-0.6.1/emacs/notmuch-mua.el.cve-2011-1103 notmuch-0.6.1/emacs/notmuch-mua.el
--- notmuch-0.6.1/emacs/notmuch-mua.el.cve-2011-1103 2011-07-17 16:20:51.000000000 +0200
+++ notmuch-0.6.1/emacs/notmuch-mua.el 2012-03-07 17:26:19.174712427 +0100
@@ -109,7 +109,12 @@ list."
(insert body))
(set-buffer-modified-p nil)
- (message-goto-body))
+ (message-goto-body)
+ ;; Original message may contain (malicious) MML tags. We must
+ ;; properly quote them in the reply. Note that using `point-max'
+ ;; instead of `mark' here is wrong. The buffer may include user's
+ ;; signature which should not be MML-quoted.
+ (mml-quote-region (point) (point-max)))
(defun notmuch-mua-forward-message ()
(message-forward)