On Sat, Feb 19, 2005 at 01:27:12PM +0100, Thijs Kinkhorst wrote: > One solution to this is just use absolute path names. In that case we know > for sure that the file will be found there and the security hole keeps > being closed. A "real" fix has been made in SquirrelMail 1.2.7 but that's > too much code change for an update to stable. > > Are you ok with this fix?
I review the patch -- it's fine with me, it'll reduce the side effects of the security patch to, I think, zero, therefore closing this one bug. I propose committing this to our subversion repository and preparing a -3, so we can propose it to the security team as being a correction to a security upload that broke things that the fix shouldn't have broken. --Jeroen -- Jeroen van Wolffelaar [EMAIL PROTECTED] (also for Jabber & MSN; ICQ: 33944357) http://Jeroen.A-Eskwadraat.nl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
