kfx writes:
Hi list,following the Gentoo's advisory ( http://www.gentoo.org/security/en/glsa/glsa-200704-18.xml ), it is said that courier-imap 4.0.6-r2 and below has a vulnerability with XMAILDIR variable leading to shell command injection. If I've installed
There's no such thing as an "XMAILDIR" variable in Courier-IMAP.Reading the bugreport further, it's apparent that this is some Gentoo-specific bullsh1t that they pollute my source code with, entirely on their own initiative, and for no good reason.
"courier-imap-4.0.6.tar.bz2" from the courier's site), am I affected by this ? I mean the -r2 in 4.0.6-r2 is for something like "release candidate" so I shouldn't worry ?
It means that you should not complain here about Gentoo-specific, and Gentoo-originated bugs.
Go take it up with them.
pgp1EAi3mlhHf.pgp
Description: PGP signature
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
