[rt-users] Perl::Mailtools vulnerability
Phil Homewood
pdh at snapgear.com
Fri Nov 15 19:31:21 EST 2002
Richard Massa wrote:
> Does the recent Perl::MailTools vulnerability
> (http://online.securityfocus.com/advisories/4631) affect RT? Should it
> be fine to upgrade to the latest version 1.51?
Upgrading should not affect RT. The vulnerability is in
Mail::Mailer; RT does not use Mail::Mailer itself as far
as I can see. (In fact, it appears that the only part
of the MailTools suite it uses is Mail::Address, which
does not use Mail::Mailer.)
Some contrib scripts (eg, "nag") might be affected,
however I suspect an exploit via "nag" at least would
be rather difficult.
--
Phil Homewood, Systems Janitor, www.SnapGear.com
pdh at snapgear.com Ph: +61 7 3435 2810 Fx: +61 7 3891 3630
SnapGear - Custom Embedded Solutions and Security Appliances
More information about the rt-users
mailing list