From: Daniel Stenberg (daniel@haxx.se)
Date: Fri Jan 24 2003 - 09:53:44 CST
On Thu, 23 Jan 2003, Ulf Harnhammar wrote:
> I'm sorry to tell you that I have found some security problems in
> Hypermail.
I am not surprised. Hypermail was in a terrible state back in pre-2.0 days
when I did most of my efforts on removing all the static buffer size
regulations internally.
All we need is people to point out the flaws when they find them.
> Please e-mail me, if you're a Hypermail developer, and I will give you more
> details.
I am a Hypermail developer, but we're several. You want us all to mail you?
After all, this is the hypermail development mailing list, why can't you tell
the developers at once? You don't need to publish the exploit, just lead us
to where the problem is in the code.
> I'm going to post a security advisory about this sooner or later, to inform
> the security community, but I want to give you a chance to fix this first.
Sure, publish away, but please tell us first what we should be looking for.
--
Daniel Stenberg - http://daniel.haxx.se - +46-705-44 31 77
ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol