Movemail security issue (fix in SXEmacs?)
Steve Youngs
steve at sxemacs.org
Wed Feb 23 00:36:14 EST 2005
* Stephen J Turnbull <stephen at xemacs.org> writes:
>>>>>> "Johann" == Johann Oskarsson <Johann> writes:
Johann> http://bastard.youngs.au.com/pipermail/sxemacs-patches/2005-February/000165.html
> This is the CAN-2005-0100 vulnerability, right?
Yep.
> In 21.4.17 and 21.5.19:
> 2005-01-29 Vin Shelton <acs at xemacs.org>
> * movemail.c (popmail): Pass error string as format parameter
> instead of as part of format string. Security fixes for
> CAN-2005-0100.
Yes. We have this change in SXEmacs. Well, almost. I just looked at
it again and it would seem that I missed one hunk out of Vin's patch
when I synched it across. Oops. :-(
OK, bottom line, XEmacs people can totally ignore this. SXEmacs people
should give me a kick up the arse for blowing the sync.
Johann, good catch! Thanks man.
--
|---<Steve Youngs>---------------<GnuPG KeyID: A94B3003>---|
| In space, |
| No one can hear you rip a stinky |
|------------------------------------<steve at sxemacs.org>---|
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 256 bytes
Desc: not available
Url : http://calypso.tux.org/pipermail/xemacs-beta/attachments/20050223/0013438c/attachment.bin
More information about the XEmacs-Beta
mailing list