lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 May 2009 11:10:14 +0100 From: David Cantrell <d.cantrell@...cometechnologies.com> To: ascii <ascii@...amail.com> Cc: Secunia Research <vuln@...unia.com>, News Securiteam <news@...uriteam.com>, Vulnerability Information Managers <vim@...rition.org>, Full-Disclosure <full-disclosure@...ts.grok.org.uk>, Bugtraq <bugtraq@...urityfocus.com>, Vulnwatch <vulnwatch@...nwatch.org> Subject: Re: FormMail 1.92 Multiple Vulnerabilities ascii wrote: > FormMail 1.92 Multiple Vulnerabilities ... The author's own webpage about formmail mentions the NMS project at the bottom of the page, about which he says: " While the free code found at my web site has not evolved much in recent years, the general programming practices and standards of CGI programs have. nms is an attempt by very active programmers in the Perl community to bring the *quality of code for these types of programs up to date and eliminate some of the bad programming practices and bugs* found in the existing Matt's Script Archive code. " I would highly recommend downloading the nms versions if you wish to learn CGI programming. The code you find at Matt's Script Archive is not representative of how even I would code these days. *My interests and activies have moved on, however, and I just have not found the time to update all of my scripts*. One of the major reasons for this is that they work for many people. For this reason, I will continue to provide them to the public, but am also *pleased to make you aware of well-coded alternatives*. " (my emphasis) which to me looks like he's already addressed the issue by recommending that you use NMS formmail if you care about the quality of the code and any bugs. -- David Cantrell Outcome Technologies Ltd BUPA House, 15-19 Bloomsbury Way, London WC1A 2BA Registered in England, No: 3829851 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists