On Fri, Feb 13, 2015 at 07:48:07PM +0100, Salvatore Bonaccorso wrote: > This issue has got CVE-2014-9681 assigned.
Hmm. Does this mean we have to "fix" it, no matter what? I repeat: The "attacker" needs the ability to write your .procmailrc file to "exploit" this, buf if that's the case, there are literally *tons* of other ways a file may be read via .procmailrc. Really, calling this a "vulnerability in procmail" is pure nonsense. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

