On Mar 28, 2007, at 1:03 PM, Mark James wrote:
Chris, do you have the inclination to submit the bug report?
If you aren't going to, then I might as well.
I don't think this would get fixed for Leopard, but maybe. It would
have
to be soon, however. I think they are code freezing major portions of
Leopard already.
The trick might be figuring out how to claim it can be a security
threat because the name can be turned into something other than what
it was planned to be, thus they may release it as part of a security
patch that repairs older versions of Mail at the same time.
Of course the problem with this is, in my brief scanning of the RFCs
it looks like the whole name attribute has been replaced by the
filename attribute and is only there for legacy support. Legacy
support becomes difficult to claim is a security threat as even if it
can be exploited, chances are the malicious action won't work anyway
on whatever platform/program would be exploitable.
-chris
<www.mythtech.net>
___________________________________________________________________________
To unsubscribe send a mail message with a SUBJECT line of "unsubscribe" to
<[EMAIL PROTECTED]> or <[EMAIL PROTECTED]>
