On Fri, Feb 13, 2015 at 07:48:07PM +0100, Salvatore Bonaccorso wrote:
> This issue has got CVE-2014-9681 assigned.

Hmm. Does this mean we have to "fix" it, no matter what?

I repeat: The "attacker" needs the ability to write your .procmailrc
file to "exploit" this, buf if that's the case, there are literally
*tons* of other ways a file may be read via .procmailrc.

Really, calling this a "vulnerability in procmail" is pure nonsense.


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to