On Mon, 13 May 2002 17:14:03 +0100, Drieux wrote:
> On Monday, May 13, 2002, at 08:52 , Kevin Meltzer wrote:
>
>> try the rewrite from NMS:
>>
>> http://nms-cgi.sourceforge.net/
>>
>> Cheers,
>> Kevin
>
> which version of the code is the 'problem' version?
>
> what is the current specific 'security' issue?
>
> there was a security update to v1.92 on 04/21/02 has there been some new
> issue arise??? since then?

Matt's version 1.92 fixes all of the spam relay problems with FormMail. There are, I believe, a couple of Cross-Site Scripting vulnerabilities remaining.

However secure this version is, it's still written for Perl for and doesn't use "strict", "-w", taint mode or CGI.pm. It's a really bad example of Perl code and I wouldn't want anyone to see the source and think they can learn Perl from it.

Dave...

--
...she opened strange doors that we'd never close again