:: Re: [DNG] Different philosophies
Author: Rick Moen
Date:  
To: dng
New-Topics: Re: [DNG] Different philosophies (OT)
Subject: Re: [DNG] Different philosophies
Quoting Adam Borowski (kilobyte@???):

> Note: there indeed was one security vulnerability, but it was discovered in
> 2014, while all the "it's dead" brouhaha happened years before.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3618

It's a heap-based buffer overflow in /usr/bin/formail (specifically in
formisc.c). The threat model is a bit far-fetched, IMO. (Normally,
LDA handling only rarely involves formail, which is a filter for munging
messages.)

Distros immediately patched it. AFAIK, basically instead of a
single upstream, there is timely maintenance by various distributions.
Which makes the 'Oh noes! procmail isn't safe!' noises a bit
exaggerated.

https://serverfault.com/questions/876336/is-it-safe-to-use-procmail-in-2017