Skip Menu |

This queue is for tickets about the MIME-Lite CPAN distribution.

Report information
The Basics
Id: 22146
Status: new
Priority: 0/
Queue: MIME-Lite

People
Owner: Nobody in particular
Requestors: PURDY [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 3.01
Fixed in: (no value)



Subject: Insecure dependency with send_by_sendmail under taint mode
Running this basic test script: #!/usr/bin/perl -wT use MIME::Lite; $data = 'This is just a test'; $ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin'; $msg = MIME::Lite->new( To => 'dktest@example.com', From => 'jason@example.com', 'Reply-To' => 'jason@example.com', Data => $data, Subject => 'This is a test - please disregard', ); $msg->send_by_sendmail( FromSender => 'bounce+4+1+7@www.example.com', ); print "Done.\n"; Results in this message: Insecure dependency in exec while running with -T switch at /usr/local/share/perl/5.8.4/MIME/Lite.pm line 2568. error closing /usr/lib/sendmail: (exit 65280)