[exim-dev] [Bug 3066] tainted search query is not properly q…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Exim Bugzilla
Date:  
À: exim-dev
Sujet: [exim-dev] [Bug 3066] tainted search query is not properly quoted discloses mysql password
https://bugs.exim.org/show_bug.cgi?id=3066

--- Comment #3 from Jeremy Harris <jgh146exb@???> ---
You really do have to move to the new syntax if you need a per-lookup
server spec, as otherwise the entire string in the braces enclosing the
query becomes tainted by the use of the tainted data parts of it.
That includes the server spec, and we do not permit use of a tainted one.

This is why the new syntax was introduced, in 4.94, moving the server spec
outside
those braces. This bug becomes moot.

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/