[Evolution-hackers] CVE-2011-3201 Issue in evolution

2011-09-12 Thread Vibha Yadav
Hi All, I just came across the bug https://bugzilla.redhat.com/show_bug.cgi?id=733504 , CVE-2011-3201 evolution: mailto: attachment parameter can lead to accidental data exfiltration. Going ahead with the blacklist approach in https://bugzilla.redhat.com/show_bug.cgi?id=733504#c8, I am attaching

Re: [Evolution-hackers] CVE-2011-3201 Issue in evolution

2011-09-12 Thread Matthew Barnes
On Mon, 2011-09-12 at 00:40 -0600, Vibha Yadav wrote: I have following list of files to be blacklisted: I know we discussed this already, but just to clarify for others: the blacklist only applies to attach parameters in mailto: URLs. You can still attach any file manually in the composer