[hypermail] Re: [hypermail-dev] Security problems

From: Daniel Stenberg <daniel_at_haxx.se_at_hypermail-project.org>
Date: Fri, 24 Jan 2003 16:53:44 +0100 (CET)
Message-ID: <Pine.LNX.4.53.0301241650160.966_at_linux3.contactor.se>


On Thu, 23 Jan 2003, Ulf Harnhammar wrote:

> I'm sorry to tell you that I have found some security problems in
> Hypermail.

I am not surprised. Hypermail was in a terrible state back in pre-2.0 days when I did most of my efforts on removing all the static buffer size regulations internally.

All we need is people to point out the flaws when they find them.

> Please e-mail me, if you're a Hypermail developer, and I will give you more
> details.

I am a Hypermail developer, but we're several. You want us all to mail you?

After all, this is the hypermail development mailing list, why can't you tell the developers at once? You don't need to publish the exploit, just lead us to where the problem is in the code.

> I'm going to post a security advisory about this sooner or later, to inform
> the security community, but I want to give you a chance to fix this first.

Sure, publish away, but please tell us first what we should be looking for.

-- 
      Daniel Stenberg - http://daniel.haxx.se - +46-705-44 31 77
   ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol
Received on Fri 24 Jan 2003 04:51:27 PM GMT

This archive was generated by hypermail 2.2.0 : Thu 22 Feb 2007 07:33:54 PM GMT