Hi Klaus,
Am 2017-01-15 um 17:43 schrieb Klaus Ethgen:
> Hi Willi,
>
> Am Sa den 14. Jan 2017 um 16:43 schrieb Willi Mann:
>> in order to come closer to a fix for this issue, I propose the following
>> two patches:
>
>
>> 0001-Add-outputencoding-parameter.patch
>
>> This patch allows to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Willi,
Am Sa den 14. Jan 2017 um 16:43 schrieb Willi Mann:
> in order to come closer to a fix for this issue, I propose the following
> two patches:
>
>
> 0001-Add-outputencoding-parameter.patch
>
> This patch allows to configure the value
Hi,
in order to come closer to a fix for this issue, I propose the following
two patches:
0001-Add-outputencoding-parameter.patch
This patch allows to configure the value for the charset in the
Content-Type line in mail output. This should address Klaus Ethgen's
original concern. Since most
> Possible security problem,new logwatch sends mails with charset UTF-8
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Am So den 1. Jan 2017 um 20:24 schrieb Jason Pyeron:
> > Yes, 8-bit ASCII, here is a translation table.
>
> ASCII is 7 bit.
>
>
> The fail-safe default before was ISO-8859-1. So I suggest to use it
> again.
>
If stream converted output it s require please consider making it a
configurable module in the code base that can be turned on and off and modified
(the module) as needed. Leave the default as is, that way
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Am So den 1. Jan 2017 um 20:24 schrieb Jason Pyeron:
> Yes, 8-bit ASCII, here is a translation table.
ASCII is 7 bit.
All 8 bit are different encodings.
> > Below 128 it is not a problem as UTF-8 is transparent in this
> > range. But
> > above
> Possible security problem,new logwatch sends mails with charset UTF-8
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Am So den 1. Jan 2017 um 17:38 schrieb Jason Pyeron:
> > > What do you want to say with that? Your input is not in UTF-8.
> >
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Am So den 1. Jan 2017 um 17:38 schrieb Jason Pyeron:
> > What do you want to say with that? Your input is not in UTF-8.
>
> That is the point. The OP complaines about ASCII being sent when labeld as
> UTF8, as such it created invalid UTF8
gt; Possible security problem,new logwatch sends mails with charset UTF-8
>
> Hi,
>
> Am 2017-01-01 um 00:20 schrieb Jason Pyeron:
> > Not exactly a valid test, besides it works for me. The
> issue is internal ascii data being written as ascii but
> instructing consumers
Hi,
Am 2017-01-01 um 00:20 schrieb Jason Pyeron:
> Not exactly a valid test, besides it works for me. The issue is internal
> ascii data being written as ascii but instructing consumers
> it is uft8.
>
> $ cat utf8_test.pl
> #!/usr/bin/perl
> #
> use strict;
> use File::Slurp;
>
> my
> -Original Message-
> From: Klaus Ethgen
> Sent: Saturday, December 31, 2016 08:48
> To: Willi Mann
> Cc: Jason Pyeron; 849...@bugs.debian.org; logwatch-de...@lists.sourceforge.net
>
> Hi,
>
> Am Sa den 31. Dez 2016 um 14:28 schrieb Willi Mann:
> > thanks for your test cases. However, I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
Am Sa den 31. Dez 2016 um 14:28 schrieb Willi Mann:
> thanks for your test cases. However, I don't think that binmode provides
> an acceptable solution, at least not alone. While it ensures that the
> strings are valid utf-8 strings, it will
30, 2016 14:03
>> To: Jason Pyeron; 'Willi Mann'; logwatch-de...@lists.sourceforge.net
>> Cc: 849...@bugs.debian.org; 849531-forwar...@bugs.debian.org;
>> 'Klaus Ethgen'
>> Subject: RE: [Logwatch-devel] Bug#849531: Possible security
>> problem,new logwatch sends mails with ch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Am Fr den 30. Dez 2016 um 22:53 schrieb Jason Pyeron:
> You would have the same issue with cat /var/log/x
True. That is the reason I always tell the people not to use cat for
that. (There is only little you should use cat for ever.)
I seen
> -Original Message-
> From: Willi Mann
> Sent: Friday, December 30, 2016 16:21
> To: Klaus Ethgen; 849...@bugs.debian.org
> Cc: logwatch-de...@lists.sourceforge.net
> Subject: Re: [Logwatch-devel] Bug#849531: Possible security
> problem, new logwatch sends mai
son Pyeron [mailto:jpye...@pdinc.us]
> Sent: Friday, December 30, 2016 14:03
> To: Jason Pyeron; 'Willi Mann'; logwatch-de...@lists.sourceforge.net
> Cc: 849...@bugs.debian.org; 849531-forwar...@bugs.debian.org;
> 'Klaus Ethgen'
> Subject: RE: [Logwatch-devel] Bug#849531: Possible security
I have opened https://sourceforge.net/p/logwatch/bugs/56/ .
I am working a test case for this right now.
As I see it, there are 3 paths to test.
Output as STDOUT, file, and email. In each case does an 8bit value (0x00..0xff
unsigned) result in a valid UTF-8 character.
Is binmode(STDOUT,
Bug#849531: Possible security
> problem, new logwatch sends mails with charset UTF-8
>
> Hi Klaus,
>
> can you elaborate how this could be exploited?
It does not make the list at http://unicode.org/reports/tr36/ , but bad utf-8
**may** cause email programs to behave badly. A google
fo
18 matches
Mail list logo
