[Esd-l] ANN: Procmail Sanitizer 1.134 released
John D. Hardin
jhardin at impsec.org
Sun Apr 21 16:51:01 PDT 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The procmail sanitizer has been updated. The current version is 1.134
It is available via:
US/WA: http://www.impsec.org/email-tools/procmail-security.html
US/FL: http://stonewall.lbhs.net/~jhardin/email-tools/procmail-security.html
EU/NO: http://jhardin.oftedal.no/email-tools/procmail-security.html
EU/NL: http://kanon.net/~jhardin/email-tools/procmail-security.html
AU: http://grebopple.accessunited.com.au/email-tools/procmail-security.html
AU: http://impsec.fuzzitech.net/email-tools/procmail-security.html
Direct links to the current tarball:
US/WA: http://www.impsec.org/email-tools/procmail-sanitizer.tar.gz
US/FL: http://stonewall.lbhs.net/~jhardin/email-tools/procmail-sanitizer.tar.gz
EU/NO: http://jhardin.oftedal.no/email-tools/procmail-sanitizer.tar.gz
EU/NL: http://kanon.net/~jhardin/email-tools/procmail-sanitizer.tar.gz
AU: http://grebopple.accessunited.com.au/email-tools/procmail-sanitizer.tar.gz
AU: http://impsec.fuzzitech.net/email-tools/procmail-sanitizer.tar.gz
- From the changelog:
Customize the MTA command line, to allow for newer sendmail command
line options and non-sendmail MTAs: $MTA_FLAGS_CMDLN and
$MTA_FLAGS_HDRS.
Mangle MIME types in deferred headers if appropriate.
Improve encoded-filename handling.
Set Errors-To: header.
Put the version number in the $NOTIFY message.
Fix no-LOGFILE-breaks-UUE-sanitization bug.
Defang quotes-in-extension Outlook attack.
Add WMA and WMV to mangled executable extensions, per bugtraq.
Fix trailing periods in addition to trailing whitespace - Windows drops
trailing periods from filenames without warning.
Work around memory allocation error in procmail v3.22.
Add the OnContextMenu and OnDragStart events to HTML
defanger.
Improved recipient address parsing for logs and bounce messages.
Minor procmail efficiency enhancements.
The sanitizer home page is at
http://www.impsec.org/email-tools/procmail-security.html
The archive of the sanitizer discussion list is at
http://www.spconnect.com/mailman/listinfo/esd-l
-----BEGIN PGP SIGNATURE-----
Version: PGP 5.0
Charset: noconv
iQA/AwUBPMNBXtgi5ua4cy55EQKhywCeOf23VYKrdcJw0rOlz68FJqpRt1cAoOqR
cNtpFLkOi3f2xlITlqmaV/+p
=dHQK
-----END PGP SIGNATURE-----
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at wolfenet.com
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"They [media giants] have no idea how to do business with resourceful
human beings rather than passive vegetables. So they run to [the]
government for protection."
-- Doc Searls on the SSSCA, in Linux Journal
-----------------------------------------------------------------------
926 days until the Presidential Election
More information about the esd-l
mailing list