Richard Massa wrote:
Does the recent Perl::MailTools vulnerability
(http://online.securityfocus.com/advisories/4631) affect RT? Should it
be fine to upgrade to the latest version 1.51?
Upgrading should not affect RT. The vulnerability is in
Mail::Mailer; RT does not use Mail::Mailer itself as far
as I can see. (In fact, it appears that the only part
of the MailTools suite it uses is Mail::Address, which
does not use Mail::Mailer.)
Some contrib scripts (eg, “nag”) might be affected,
however I suspect an exploit via “nag” at least would
be rather difficult.
Phil Homewood, Systems Janitor, www.SnapGear.com
email@example.com Ph: +61 7 3435 2810 Fx: +61 7 3891 3630
SnapGear - Custom Embedded Solutions and Security Appliances