[dev] Draft release announcement for 2.2.4
Brent J. Nordquist
bjn@horde.org
Thu, 1 Feb 2001 09:32:05 -0600 (CST)
On Thu, 1 Feb 2001, Chuck Hagenbuch <chuck@horde.org> wrote:
> I'd like to see this read "Administrators of IMP 2.2.x productions systems who
> have enabled reading HTML email are ...", since we do have it disabled by
> default.
But the vulnerability is there for all sites if the user opens the
attachment by clicking the link. Then the attacker uses a body like "Hey,
check out this really cool attachment!"
--
Brent J. Nordquist <bjn@horde.org>
Yahoo!: Brent_Nordquist / AIM: BrentJNordquist / ICQ: 76158942
>From chuck@horde.org Date: Thu, 1 Feb 2001 10:39:58 -0500
Return-Path: <chuck@horde.org>
Mailing-List: contact dev-help@lists.horde.org; run by ezmlm
Delivered-To: mailing list dev@lists.horde.org
Received: (qmail 35039 invoked from network); 1 Feb 2001 15:40:50 -0000
Received: from r94aag005136.sbo-smr.ma.cable.rcn.com (HELO marina.horde.org) (209.6.192.126)
by horde.org with SMTP; 1 Feb 2001 15:40:50 -0000
Received: by marina.horde.org (Postfix, from userid 33)
id 63F2C39F5; Thu, 1 Feb 2001 10:39:58 -0500 (EST)
Received: from 206.243.191.252 ( [206.243.191.252])
as user chuck@marina by marina.horde.org with HTTP;
Thu, 1 Feb 2001 10:39:58 -0500
Message-ID: <981041998.3a79834e2bc00@marina.horde.org>
Date: Thu, 1 Feb 2001 10:39:58 -0500
From: Chuck Hagenbuch <chuck@horde.org>
To: dev@lists.horde.org
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 2.3.7-cvs
Subject: Re: [dev] Draft release announcement for 2.2.4
Quoting "Brent J. Nordquist" <bjn@horde.org>:
> But the vulnerability is there for all sites if the user opens the
> attachment by clicking the link. Then the attacker uses a body like "Hey,
> check out this really cool attachment!"
The default configuration is to not even make the attachment clickable, which
is why I mentioned this, but unfortunately there was another case uncommented
which overrode that. So leave it the way you had it.
-chuck
--
Charles Hagenbuch, <chuck@horde.org>
"My intuitive grasp of math often leads me astray." -Me
>From chuck@horde.org Date: Thu, 1 Feb 2001 11:52:47 -0500
Return-Path: <chuck@horde.org>
Mailing-List: contact dev-help@lists.horde.org; run by ezmlm
Delivered-To: mailing list dev@lists.horde.org
Received: (qmail 45999 invoked from network); 1 Feb 2001 16:53:41 -0000
Received: from r94aag005136.sbo-smr.ma.cable.rcn.com (HELO marina.horde.org) (209.6.192.126)
by horde.org with SMTP; 1 Feb 2001 16:53:41 -0000
Received: by marina.horde.org (Postfix, from userid 33)
id E530A3CA9; Thu, 1 Feb 2001 11:52:47 -0500 (EST)
Received: from 206.243.191.252 ( [206.243.191.252])
as user chuck@marina by marina.horde.org with HTTP;
Thu, 1 Feb 2001 11:52:47 -0500
Message-ID: <981046367.3a79945fa188a@marina.horde.org>
Date: Thu, 1 Feb 2001 11:52:47 -0500
From: Chuck Hagenbuch <chuck@horde.org>
To: dev@lists.horde.org
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 2.3.7-cvs
Subject: Re: [dev] saving to draft behavior
Quoting Michael Bull <mbull@uoguelph.ca>:
> With a new user who doesn't have the drafts_folder preference set, if they
> go and write a message and then click "Save as Draft", the message
> vanishes.
>
> If I go into preferences, I will see it try and show me by default the
> drafts folder in the picklist. However, if I don't click to update
> preferences, it doesn't get set despite appearing as a set preference on
> the preferences menu.
I'm a little confused as to what you're describing. I deleted my drafts_folder
preference, and it just got set to the default from config/prefs.php... If the
drafts folder doesn't exist, we weren't throwing a message, but I've just fixed
that and will commit it in a second.
-chuck
--
Charles Hagenbuch, <chuck@horde.org>
"My intuitive grasp of math often leads me astray." -Me
>From anil@recoil.org Date: Thu, 1 Feb 2001 17:26:05 +0000
Return-Path: <anil@recoil.org>
Mailing-List: contact dev-help@lists.horde.org; run by ezmlm
Delivered-To: mailing list dev@lists.horde.org
Received: (qmail 48986 invoked from network); 1 Feb 2001 17:26:07 -0000
Received: from total.recoil.org (212.25.240.40)
by horde.org with SMTP; 1 Feb 2001 17:26:07 -0000
Received: (qmail 25753 invoked by uid 99); 1 Feb 2001 17:26:05 -0000
Received: from nightman.office.ivision.co.uk ( [nightman.office.ivision.co.uk])
as user avsm@localhost by horde.recoil.org with HTTP;
Thu, 1 Feb 2001 17:26:05 +0000
Message-ID: <981048365.3a799c2dbff86@horde.recoil.org>
Date: Thu, 1 Feb 2001 17:26:05 +0000
From: Anil Madhavapeddy <anil@recoil.org>
To: dev@lists.horde.org
References: <200102011705.NAA03230@athena.chebucto.ns.ca>
In-Reply-To: <200102011705.NAA03230@athena.chebucto.ns.ca>
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 2.3.6-cvs
Subject: Re: [bugs] [Bug 587] Changed - SBC Pussy Is The Best In The World!!!
Quoting bugs@bugs.horde.org:
> AssignedTo: SOYP@webtv.net
> ReportedBy: ozyman@online.fr
> URL: imp.free.fr
> ! Summary: SBC Pussy Is The Best In The World!!!
>
> French corrector orthograhy has return a error! warning error:
> Warning: Uninitialized variable or array index or property (message)
>
Uh ... ?
--
Anil Madhavapeddy, <anil@recoil.org>