Re: Security vulnerability in APOP authentication

To: mutt-dev@xxxxxxxx
Subject: Re: Security vulnerability in APOP authentication
From: Matthias Andree <matthias.andree@xxxxxx>
Date: Sat, 24 Mar 2007 11:20:32 +0100
In-reply-to: <20070318173604.GA6108@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> (Rocco Rutte's message of "Sun\, 18 Mar 2007 17\:36\:04 +0000")
List-unsubscribe: <mailto:mutt-dev-request@mutt.org?Subject="Unsubscribe Mutt Dev"?body=unsubscribe>
References: <qlkveh36fm7.fsf@xxxxxxxxxxxxxx> <20070315103349.GB9831@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <m3zm6b2tlu.fsf@xxxxxxxxxxxxxxxxxxxx> <20070318173604.GA6108@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-mutt-dev@xxxxxxxx
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.3 (gnu/linux)

Rocco Rutte <pdmef@xxxxxxx> writes:

> I was looking at some mutt code for this issue and other issues that
> report broken threading upon invalid message-ids. It seems that mutt
> happily accepts the following syntax: '<.*>' which is just plain
> wrong.

If that was supposed to be a basic regexp rather than a literal example,
same story for fetchmail up to and including 6.3.8-rc1, and fixed in
-rc2.

-- 
Matthias Andree

References:
- Security vulnerability in APOP authentication
  - From: Gaëtan LEURENT
- Re: Security vulnerability in APOP authentication
  - From: Rocco Rutte
- Re: Security vulnerability in APOP authentication
  - From: Matthias Andree
- Re: Security vulnerability in APOP authentication
  - From: Rocco Rutte

Prev by Date: mutt: new changeset
Next by Date: Re: What happened to strict_mime?
Previous by thread: Re: Security vulnerability in APOP authentication
Next by thread: #2846: Security vulnerability in APOP authentication
Index(es):
- Date
- Thread