On Wed, Dec 26, 2018 at 05:20:40PM +0100, Magnus Holmgren wrote: > > CVE-2018-19518[0]: > > | University of Washington IMAP Toolkit 2007f on UNIX, as used in > > | imap_open() in PHP and other products, launches an rsh command (by > > | means of the imap_rimap function in c-client/imap4r1.c and the > > | tcp_aopen function in osdep/unix/tcp_unix.c) without preventing > > | argument injection, > > I'm wondering if anyone would complain if I'd disable RSH (SSH) connections > altogether.
Full ack, that seems like the most sensible fix. Cheers, Moritz