Forum Post
Index > Scribe > Reported Security Vulnerability

Author/Date Reported Security Vulnerability
Jon
11/04/2009 11:51pm
When is there likely to be a fix for the i.scribe security vulnerability reported on a number of sites including

http://www.f-secure.com/vulnerabilities/SA32906
http://secunia.com/advisories/product/20617/
http://www.securityfocus.com/bid/32497

and what level of threat does it really pose?

Otherwise I really like this email client for its simplicity and fast loading.

Sincerely, Jon A.

fret
12/04/2009 4:39am
If I can reproduce a problem of course I''ll fix it. But at the moment I think it''s highly unlikely that users connect to random malicious SMTP servers, they connect to their ISP''s server, which can be trusted to a large degree. There is certainly no need to panic.

I find highly annoying that this is how I find out about it. Seriously if you are going research some security problem and post the results on the net, a coutesy email to the software''s author would be in order right?
Jon
14/04/2009 2:48pm
Thanks - great to know there''s nothing to worry about. Sorry if I offended. It was certainly not intended.

Jon
fret
16/04/2009 1:01am
I''ve fixed the security issue this morning, and will release the fix in the next beta build of v2.00.
Reply