From: Mark M. <Mar...@ij...> - 2003-06-24 10:21:12
|
Sam, | For some reason the patch failed. Seems the line numbers didn't match the | amavisd file I had even the one from the tarball. So I've applied the changes | manually. Ok. Sorry for line numbers mismatch, I made a diff against my current code. | The result being that it fixed the problem and the insecure | dependency error has gone. Thanks muchly. | Is this a workaround for a perl bug or was there actually a tainted | variable there? This one was a genuine tainted variable, not a workaround for a perl bug. With amavisd-new-20030616 the taintedness is intentionally carried into program flow much deeper - previously untaintaing was done at several places unintentionaly way too early (like in other variants of amavis*). Perl taint checking is now a better safety net then before. The problem you discovered way one piece of code where I didn't take care of the change. Mark |