Re: [Mutt] #2846: Security vulnerability in APOP authentication

#2846: Security vulnerability in APOP authentication Comment (by brendan): (In [3d1d7f6cf693]) Validate msgid in APOP authentication. Closes #2846 -- Ticket URL:

Re: [Mutt] #2846: Security vulnerability in APOP authentication

#2846: Security vulnerability in APOP authentication Comment (by Matthias Andree): {{{ Brendan Cully <[EMAIL PROTECTED]> writes: >> May I again offer to use my code here which I deem a *COMPLETE* >> RFC822-validation: >> >

Re: [Mutt] #2846: Security vulnerability in APOP authentication

#2846: Security vulnerability in APOP authentication Comment (by Brendan Cully): {{{ On Saturday, 07 April 2007 at 21:22, Matthias Andree wrote: > Brendan Cully <[EMAIL PROTECTED]> writes: > > > On Sunday, 18 March 2007 at 17:36, Rocco Rutte wrote: > >> I was looking at some mutt code for

Re: [Mutt] #2846: Security vulnerability in APOP authentication

#2846: Security vulnerability in APOP authentication Changes (by brendan): * status: new => closed * resolution: => fixed -- Ticket URL:

Re: [Mutt] #2846: Security vulnerability in APOP authentication

#2846: Security vulnerability in APOP authentication Comment (by brendan): From the BNR, 0-31 appears to be legal when quoted in the local part. As long as the current MD5 collision generators need characters above 127, I think this is OK. -- Ticket URL:

Re: [Mutt] #2846: Security vulnerability in APOP authentication

#2846: Security vulnerability in APOP authentication Comment (by Rocco Rutte): {{{ Hi, * Brendan Cully [07-04-02 15:31:14 -0700] wrote: >On Sunday, 18 March 2007 at 17:36, Rocco Rutte wrote: >> I was looking at some mutt code for this issue and other issues that >> report broken threadi

Re: [Mutt] #2846: Security vulnerability in APOP authentication

#2846: Security vulnerability in APOP authentication Comment (by Brendan Cully): {{{ On Sunday, 18 March 2007 at 17:36, Rocco Rutte wrote: > I was looking at some mutt code for this issue and other issues that > report broken threading upon invalid message-ids. It seems that mutt > happil

Re: [Mutt] #2846: Security vulnerability in APOP authentication

#2846: Security vulnerability in APOP authentication Changes (by brendan): * component: mutt => POP -- Ticket URL:

mutt/2846: Security vulnerability in APOP authentication

>Number: 2846 >Notify-List: >Category: mutt >Synopsis: Security vulnerability in APOP authentication >Confidential: no >Severity: serious >Priority: high >Responsible:mutt-dev >State: open >Keywords: >Class: sw-bug >Submitter-Id: