Sam Varshavchik wrote: > > And is Courier affected by the “follow-up” CVE-2014-7169? > > I don't think the follow-up exploit is in scope. To use the follow-up > explot, so far, you need to somehow stuff the ">" character into an > email address. > > This is going to be a problem, since the > character terminates the > MAIL FROM or the RCPT TO command. So, I'm not worried about it.
courier accepts CVE-2014-7169 poc in the EHLO ------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
