Summary: | mail-mta/courier: sqwebmail HTTP splitting attack ? | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thierry Carrez (RETIRED) <koon> |
Component: | Auditing | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | | |
Severity: | normal | CC: | security-audit, swtaylor, ticho |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | All | | |
URL: | http://seclists.org/lists/bugtraq/2005/Apr/0441.html | | |
Whiteboard: | | | |
Package list: | | Runtime testing required: | --- |
Description
Thierry Carrez (RETIRED)
2005-04-27 00:57:05 UTC
Scott please advise.

swtaylor seems to be MIA, ticho could you look into it?

Um, I can't find sqwebmail in portage. I have recently closed one ancient sqwebmail bug because of this too.

I couldn't find sqwebmail in cvs attic as well, I am at a loss to find out what happened to that package.

I'm afraid I can't do much until upstream provides a solution (be it patch or new version). Entire courier, as well as sqwebmail, is completely alien to me. As soon as upstream provides a solution, I can try to apply it if swtaylor will still be gone.

Ticho any news on this one?

I'm afraid not - at least I wasn't able to glimpse anything relevant in their official changelog (http://www.courier-mta.org/changelog.html)

Upstream responded here: http://sourceforge.net/mailarchive/forum.php?thread_id=7193743&forum_id=6705

Upstream denied it, maybe our auditors should check it sometime.

Closing as per upstream.