Bug#304712: JavaMail allows directory traversal in attachments (CAN-2005-1105)

Javier Serrano Polo jasp00 at terra.es
Tue Apr 24 13:32:49 UTC 2007


The JavaMail spec is clear enough about what the implementation should
(must) do. As Chris already said, it returns the actual message
content. Security isn't handled in this step. Any implementation
altering this value doesn't follow the spec. Any application relying on
extra security checks would be based on an implementation (defeating the
portability goal), not on the API.

This bug should be closed.
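An application-side check of the kind the message places outside the JavaMail implementation, given as an added example that is not part of the original message or of any JavaMail implementation. The class name, method name, save directory and sample names are assumptions, and keeping only the last path component is one possible policy.

```java
import java.io.IOException;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class AttachmentPath {

    /**
     * Maps an untrusted attachment name (for example the string returned by
     * javax.mail.Part.getFileName()) to a path that is a direct child of saveDir.
     */
    static Path resolveAttachment(Path saveDir, String untrustedName) throws IOException {
        if (untrustedName == null) {
            throw new IOException("attachment has no file name");
        }
        // Treat both separators as path separators regardless of the host OS,
        // then keep only the last component.
        String name = untrustedName.replace('\\', '/');
        name = name.substring(name.lastIndexOf('/') + 1).trim();
        if (name.isEmpty() || name.equals(".") || name.equals("..") || name.indexOf('\0') >= 0) {
            throw new IOException("rejected attachment name");
        }
        Path base = saveDir.toAbsolutePath().normalize();
        Path target;
        try {
            target = base.resolve(name).normalize();
        } catch (InvalidPathException e) {
            throw new IOException("rejected attachment name", e);
        }
        // Defence in depth: the result must still be a direct child of saveDir.
        if (!base.equals(target.getParent())) {
            throw new IOException("attachment escapes " + base);
        }
        return target;
    }

    public static void main(String[] args) {
        Path dir = Paths.get("attachments"); // hypothetical save directory
        // Constructed sample names, not taken from the bug report.
        String[] samples = { "report.pdf", "../../etc/cron.d/job", "..\\..\\boot.ini", "..", "" };
        for (String s : samples) {
            try {
                System.out.println("'" + s + "' -> " + resolveAttachment(dir, s).getFileName());
            } catch (IOException e) {
                System.out.println("'" + s + "' -> " + e.getMessage());
            }
        }
    }
}
```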





More information about the pkg-java-maintainers mailing list