On sön, 2008-12-14 at 19:13 +0100, Florian Weimer wrote: > A problem has been fixed, right, but not necessarily the correct > one. 8-/ > > In the meantime, I've received data from another attack (again without > POST data, unfortunately). But in that case, the time stamps match
In my case, the first outgoing mail in the spambomb started exactly 2 minutes 10 seconds after the third POST. > up, so I'm inclined to believe that the issue is indeed in > html2text.php, and precisely the one fixed by upstream (there doesn't > seem to be any other vector in that script). If you want something to investigate, both moodle and horde3 have "html2text.php" files, although different - they both use the e modifier together with preg_replace. -- Regards, Andreas Henriksson -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
