I committed a patch to prevent any dangerous values from being execed in the
popen call to `cvs'.
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/cvs-syncmail/syncmail/syncmail
Curiously, the commit hasn't been mailed to cvs-syncmail-talk by syncmail
yet... :-)
Regards,
Zooko
---
zooko.com
Security and Distributed Systems Engineering
---
|
