mailing list archives
Re: Horde library Bug part 2
From: John Riddoch <jr () scms rgu ac uk>
Date: Tue, 19 Sep 2000 17:13:51 +0100
Fix: Best solution would be generally not to pass vars to
popen(), but rather opening the pipe to Sendmail by calling
and putting all available information into the mail header.
This requires some extra checking and converting, but
secures the system a lot.
There's an update available which should be a more complete fix; from
The Horde team announces the availability of IMP 2.2.2 -- this version is
"part 2" to a security vulnerability present in 2.2.0 (and earlier "pre"
releases) that was only partially fixed in 2.2.1. Users of IMP 2.2 on
production systems are STRONGLY ENCOURAGED to upgrade.
John Riddoch Email: jr () scms rgu ac uk Telephone: (01224)262721
Theists think all gods but theirs are false. Atheists simply don't make
an exception for the last one.