Re: Serious information leak in Ximian Evolution
The discussion about this bug can be found in the Debian BTS.
The page of this bug is http://bugs.debian.org/177282
A short summary:
- If Evolution uses SMTP, everything's OK.
- If Evolution uses Exim's local sendmail, it probably
forgets to add the -t flag, so Exim just sends
the mail, without tampering with the headers.
- I have no idea what other MTA's do, but Exim's behavior
seems to be correct in the light of the relevant RFCs
- Evolution 1.0.5 (both in Woody and Sarge) is using
sendmail the Right Way, this bug is only appearing in the
1.2.1 version. (Which is supposed to be stable, according
to Ximian.)
See the details in the BTS.
Best wishes
--
Csillag Kristóf <fenwick@freemail.hu>
Reply to: