Bug#304712: [Fwd: Bug#304712: avaMail allows directory traversal in attachments (CAN-2005-1105)]
Joey Hess
Joey Hess <joeyh@debian.org>, 304712@bugs.debian.org
Sat Jun 11 01:54:01 2005
--NzB8fVQJ5HfG6fxh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Well, what I read in the thread about this is that at least one other
implementation of this API is adding the security check. If apps come to
expect the check to be in the implementation, then they probably won't
also check things themselves.
--=20
see shy jo
--NzB8fVQJ5HfG6fxh
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCqj7Yd8HHehbQuO8RAqW0AJ9Ra2JsHtBkSX+6QLbIZmPK4ydOTgCePHlw
JYaG+tloU3mf4EAuSSvokMU=
=/hFL
-----END PGP SIGNATURE-----
--NzB8fVQJ5HfG6fxh--