Bugtraq mailing list archives

Re: Horde library Bug part 2


From: John Riddoch <jr () scms rgu ac uk>
Date: Tue, 19 Sep 2000 17:13:51 +0100

Fix:            Best solution would be generally not to pass vars to
               popen(), but rather opening the pipe to Sendmail by calling
               popen("$default->path_to_Sendmail -t", "w")
               and putting all available information into the mail header.
               This requires some extra checking and converting, but
               secures the system a lot.

There's an update available which should be a more complete fix; from
http://horde.org/imp :

The Horde team announces the availability of IMP 2.2.2 -- this version is
"part 2" to a security vulnerability present in 2.2.0 (and earlier "pre"
releases) that was only partially fixed in 2.2.1. Users of IMP 2.2 on
production systems are STRONGLY ENCOURAGED to upgrade.


--
John Riddoch    Email: jr () scms rgu ac uk     Telephone: (01224)262721
http://www.scms.rgu.ac.uk/staff/jr/
Theists think all gods but theirs are false.  Atheists simply don't make
an exception for the last one.
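
The fix quoted above, sketched as an added example (this is not code from IMP or Horde): the pipe is opened with a fixed command line, and sender, recipient and subject travel only in the message headers, with the "extra checking" being a refusal of CR, LF and NUL in header values. The function names are hypothetical, PHP 7 or later is assumed, and the `-i` flag is an addition to the `-t` mentioned in the advisory.

```php
<?php
// Added illustration, not IMP/Horde code. Function names are hypothetical.

// Refuse values that could start a new header line or end the header block.
function header_value(string $v): string
{
    if (preg_match('/[\r\n\0]/', $v)) {
        throw new InvalidArgumentException('control character in header value');
    }
    return trim($v);
}

// Headers, blank line, body: everything user-supplied travels in the message.
function build_message(string $from, string $to, string $subject, string $body): string
{
    $msg  = 'From: ' . header_value($from) . "\n";
    $msg .= 'To: ' . header_value($to) . "\n";
    $msg .= 'Subject: ' . header_value($subject) . "\n";
    return $msg . "\n" . str_replace("\r\n", "\n", $body) . "\n";
}

// The command line is built only from the configured binary path.
// -t: take recipients from the headers; -i: a lone "." does not end the body.
function send_via_pipe(string $sendmail_path, string $message): bool
{
    $pipe = popen(escapeshellarg($sendmail_path) . ' -t -i', 'w');
    if ($pipe === false) {
        return false;
    }
    $ok = fwrite($pipe, $message) === strlen($message);
    return pclose($pipe) === 0 && $ok;
}

// Constructed sample input; printed rather than sent so this runs offline.
echo build_message('alice@example.org', 'bob@example.org', 'Hello', "Line one\r\nLine two");

try {
    // A subject carrying an embedded newline is rejected before any pipe is opened.
    build_message('alice@example.org', 'bob@example.org', "Hi\nBcc: x@example.org", 'body');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

To deliver a message, pass the result of `build_message()` to `send_via_pipe()` together with the configured sendmail path.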

