From 8246d967bbcf174482ef01b1bf4920a5944b1011 Mon Sep 17 00:00:00 2001 From: David Beer Date: Wed, 13 Nov 2013 10:47:48 -0700 Subject: [PATCH] Use Michael Jenning's patch for CVE 2013-4495 instead of the original. This one is being used because 2.5 should face the minimal possible change. --- src/server/svr_mail.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/server/svr_mail.c b/src/server/svr_mail.c index 26b6dd7..241bdfc 100644 --- a/src/server/svr_mail.c +++ b/src/server/svr_mail.c @@ -372,11 +372,9 @@ void svr_mailowner( exit(1); } - sprintf(cmdbuf, "%s -f %s %s", - + sprintf(cmdbuf, "%s -t -f %s", SENDMAIL_CMD, - mailfrom, - mailto); + mailfrom); outmail = (FILE *)popen(cmdbuf, "w"); -- 1.8.3.2