Date: Wed, 13 Nov 2002 11:37:37 +0000
From: Phil Pennock <pdp@nl.demon.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/45266: p5-Mail-Tools security hole; update needed
Message-ID: <E18Bvpx-000OJr-00@samhain.noc.nl.demon.net>

>Number:         45266
>Category:       ports
>Synopsis:       p5-Mail-Tools security hole; update needed
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Nov 13 03:40:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Phil Pennock
>Release:        FreeBSD 4.7-RELEASE-p1 i386
>Organization:
THUS Plc
>Environment:
Any with Perl and Ports:mail/p5-Mail-Tools installs
>Description:
<URL:http://search.cpan.org/src/MARKOV/MailTools-1.51/ChangeLog>

    - Removed the possibility to use 'mailx', which was the default:
      removal from the detection routines and Mail/Mailer/mail.pm.
      Strongly suggested by [Sebastian Krahmer]

mailx can be made to take commands from the mail content, so in some
circumstances anyone who can send you email that goes through this
module can run arbitrary commands on your machine; allegedly
SpamAssassin is open to this.
>How-To-Repeat:
"use Mail::Mailer" without forcing use of non-default implementation
method
>Fix:
Update port to latest version (1.51); see URL in pkg-descr.
>Release-Note:
>Audit-Trail:
>Unformatted:
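
A defender's check for the condition named under How-To-Repeat, as an added example that is not part of the original report or of MailTools: a small Python scanner that flags Perl call sites constructing Mail::Mailer without a fixed backend, or with the `mail` backend. The regexes, finding labels and sample source are constructed for illustration and do a line-by-line first pass, not a full Perl parse.

```python
import re

# Arrow form Mail::Mailer->new(...) and indirect-object form "new Mail::Mailer ...;"
CALL = re.compile(r"Mail::Mailer\s*->\s*new\b\s*(?:\((?P<a>[^)]*)\))?"
                  r"|\bnew\s+Mail::Mailer\b(?P<b>[^;]*)")
# A quoted literal as first argument, e.g. 'sendmail' or "smtp"
LITERAL = re.compile(r"""(['"])(?P<t>\w+)\1""")

def classify(args):
    """Return a finding label for one constructor call, or None if it is pinned."""
    args = args.strip().lstrip("(").strip()
    if args in ("", ")"):
        return "default-backend"   # module chooses; the case in How-To-Repeat
    m = LITERAL.match(args)
    if m is None:
        return "dynamic-backend"   # type comes from a variable: review by hand
    return "mail-backend" if m.group("t") == "mail" else None

def audit(perl_source):
    """Return [(line_number, label)] for call sites that need attention."""
    findings = []
    for lineno, line in enumerate(perl_source.splitlines(), 1):
        code = line.split("#", 1)[0]   # crude comment strip, enough for a first pass
        for m in CALL.finditer(code):
            label = classify(m.group("a") or m.group("b") or "")
            if label:
                findings.append((lineno, label))
    return findings

# Constructed sample input, not taken from any real program.
SAMPLE = """\
use Mail::Mailer;
my $m1 = Mail::Mailer->new;
my $m2 = Mail::Mailer->new('sendmail');
my $m3 = new Mail::Mailer 'mail';
my $m4 = Mail::Mailer->new($ENV{MAILER});
my $m5 = Mail::Mailer->new('smtp', Server => 'localhost');
"""

if __name__ == "__main__":
    for lineno, label in audit(SAMPLE):
        print(f"line {lineno}: {label}")
```

Findings matter most on hosts whose installed MailTools predates 1.51, the version the report asks the port to be updated to; call sites pinned to another backend are not reported.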