[23438] in bugtraq
Re: Vulnerabilities in PGPMail.pl
daemon@ATHENA.MIT.EDU (Markus Bertheau)
Sat Dec 8 04:38:40 2001
From: Markus Bertheau <twanger@bluetwanger.de>
To: joetesta@hushmail.com
Cc: bugtraq@securityfocus.com, jscimone@cc.gatech.edu
In-Reply-To: <200111300345.fAU3jcV25848@mailserver2b.hushmail.com>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature";
boundary="=-bFj1VfiIr2OUA1qMBcOS"
Date: 07 Dec 2001 13:13:14 +0100
Message-Id: <1007727195.1087.2.camel@entwicklung01.cenes.de>
Mime-Version: 1.0
--=-bFj1VfiIr2OUA1qMBcOS
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On Fri, 2001-11-30 at 04:45, joetesta@hushmail.com wrote:
> > # The PGP user id must be passed via command line, so make sure
> > # that only legal characters are present. Fixed by Joe Testa
> > # (joetesta@hushmail.com).
> > $theUserID =3D $CONFIG{'pgpuserid'};
> > $theUserID =3D~ /([a-zA-Z0-9]+)/;
> > $theUserID =3D $1;
> > $ret_val =3D open (PGP, "|$pgpprog -fea +VERBOSE=3D0 \"$CONFIG{$t=
heUserID}\" > $pgptmp");
must be
$ret_val =3D open (PGP, "|$pgpprog -fea +VERBOSE=3D0 \"$theUserID\" >
$pgptmp");
Markus Bertheau
--=-bFj1VfiIr2OUA1qMBcOS
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQA8ELJZKNEjAb345r4RAl4vAJ4znKeB7qXs+M2R+DbJdd0u7V9HzgCglXWe
Pw7Hy+2TF6v7ofgyEDAFnWs=
=7yaZ
-----END PGP SIGNATURE-----
--=-bFj1VfiIr2OUA1qMBcOS--
