lists.openwall.net
Open Source and information security mailing list archives
 
Message-ID: <4A0A9C86.6010907@outcometechnologies.com>
Date: Wed, 13 May 2009 11:10:14 +0100
From: David Cantrell <d.cantrell@...cometechnologies.com>
To: ascii <ascii@...amail.com>
Cc: Secunia Research <vuln@...unia.com>, News Securiteam <news@...uriteam.com>,
	Vulnerability Information Managers <vim@...rition.org>,
	Full-Disclosure <full-disclosure@...ts.grok.org.uk>,
	Bugtraq <bugtraq@...urityfocus.com>, Vulnwatch <vulnwatch@...nwatch.org>
Subject: Re: FormMail 1.92 Multiple Vulnerabilities

ascii wrote:

> FormMail 1.92 Multiple Vulnerabilities  ...

The author's own webpage about formmail mentions the NMS project at the 
bottom of the page, about which he says:

" While the free code found at my web site has not evolved much in
   recent years, the general programming practices and standards of CGI
   programs have. nms is an attempt by very active programmers in the
   Perl community to bring the *quality of code for these types of
   programs up to date and eliminate some of the bad programming
   practices and bugs* found in the existing Matt's Script Archive code.

" I would highly recommend downloading the nms versions if you wish to
   learn CGI programming. The code you find at Matt's Script Archive is
   not representative of how even I would code these days. *My interests
   and activities have moved on, however, and I just have not found the
   time to update all of my scripts*. One of the major reasons for this
   is that they work for many people. For this reason, I will continue to
   provide them to the public, but am also *pleased to make you aware of
   well-coded alternatives*. "

(my emphasis)

which to me looks like he's already addressed the issue by recommending 
that you use NMS formmail if you care about the quality of the code and 
any bugs.

-- 
David Cantrell
Outcome Technologies Ltd
BUPA House, 15-19 Bloomsbury Way, London WC1A 2BA
Registered in England, No: 3829851

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
