RFC2368 security patch status (Re: CVE-2006-3242 and a new mutt release)
* Wed Jul 12 2006 Vincent Lefevre <vincent@xxxxxxxxxx>
> Also, what's the status of the rfc2368sec patch?
I have been using rfc2368sec.5 for nearly one year
and I have not found a bug in it.
IIRC, Thomas prefers rfc2368sec.4:
It is not an obvious bug fix, but I quote the RFC again:
| 4. Unsafe headers
| The user agent interpreting a mailto URL SHOULD choose not to create
| a message if any of the headers are considered dangerous; it may also
| choose to create a message with only a subset of the headers given in
| the URL. Only the Subject, Keywords, and Body headers are believed
| to be both safe and useful.
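
The allow-list policy from the RFC section quoted above, as an added example that is not part of the original message and is not the rfc2368sec patch. The function name, the `strict` flag and the sample URL are assumptions made for illustration, and the CR/LF check on one-line headers goes beyond the RFC text.

```python
from urllib.parse import unquote

# Headers RFC 2368 section 4 calls "both safe and useful".
SAFE_HEADERS = {"subject", "keywords", "body"}


class UnsafeMailto(ValueError):
    """Raised in strict mode when a mailto URL carries a header off the list."""


def filter_mailto_headers(url, strict=False):
    """Return (headers, dropped) for the query part of a mailto URL.

    strict=True  -> refuse the whole URL if any header is not allow-listed
    strict=False -> keep only the allow-listed subset of the headers
    """
    scheme, sep, rest = url.partition(":")
    if not sep or scheme.lower() != "mailto":
        raise ValueError("not a mailto URL")
    _, _, query = rest.partition("?")
    headers, dropped = {}, []
    # Split by hand: parse_qsl would turn "+" into a space, which is
    # form encoding and not how mailto URLs encode spaces.
    for field in filter(None, query.split("&")):
        raw_name, _, raw_value = field.partition("=")
        # Decode before comparing, so "%62cc" is judged as "bcc".
        name, value = unquote(raw_name).lower(), unquote(raw_value)
        # Assumption beyond the RFC text: a CR or LF inside a one-line
        # header value is rejected too, since it could start a new header.
        one_line = name != "body"
        has_break = "\r" in value or "\n" in value
        if name not in SAFE_HEADERS or (one_line and has_break):
            dropped.append(name)
            continue
        headers[name] = value
    if strict and dropped:
        raise UnsafeMailto("unsafe headers: " + ", ".join(dropped))
    return headers, dropped


# Constructed sample URL, not taken from the thread.
SAMPLE = ("mailto:list@example.org?Subject=hello%20world"
          "&%62cc=x@example.org&body=line1%0D%0Aline2")
```

With `strict=False` the caller gets the second behaviour the RFC allows (a message built from a subset of the headers); with `strict=True` it gets the first (no message at all).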