[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4A0A9C86.6010907@outcometechnologies.com>
Date: Wed, 13 May 2009 11:10:14 +0100
From: David Cantrell <d.cantrell@...cometechnologies.com>
To: ascii <ascii@...amail.com>
Cc: Full-Disclosure <full-disclosure@...ts.grok.org.uk>,
Bugtraq <bugtraq@...urityfocus.com>,
Secunia Research <vuln@...unia.com>,
Vulnwatch <vulnwatch@...nwatch.org>,
Vulnerability Information Managers <vim@...rition.org>,
News Securiteam <news@...uriteam.com>
Subject: Re: FormMail 1.92 Multiple Vulnerabilities
ascii wrote:
> FormMail 1.92 Multiple Vulnerabilities ...
The author's own webpage about formmail mentions the NMS project at the
bottom of the page, about which he says:
" While the free code found at my web site has not evolved much in
recent years, the general programming practices and standards of CGI
programs have. nms is an attempt by very active programmers in the
Perl community to bring the *quality of code for these types of
programs up to date and eliminate some of the bad programming
practices and bugs* found in the existing Matt's Script Archive code.
" I would highly recommend downloading the nms versions if you wish to
learn CGI programming. The code you find at Matt's Script Archive is
not representative of how even I would code these days. *My interests
and activies have moved on, however, and I just have not found the
time to update all of my scripts*. One of the major reasons for this
is that they work for many people. For this reason, I will continue to
provide them to the public, but am also *pleased to make you aware of
well-coded alternatives*. "
(my emphasis)
which to me looks like he's already addressed the issue by recommending
that you use NMS formmail if you care about the quality of the code and
any bugs.
--
David Cantrell
Outcome Technologies Ltd
BUPA House, 15-19 Bloomsbury Way, London WC1A 2BA
Registered in England, No: 3829851
Powered by blists - more mailing lists