Email or username:

Password:

Forgot your password?
Top-level
Jørn

@jwildeboer The postfix CVE is NOT filed by the postfix project. The project writes on their page about SMTP smuggling that the CVE is incorrect.

It is indeed incorrect; the CVE states that it’s possible to send mails that appear to originate from a postfix system. This is not the case.

1 comment
Jan Wildeboer 😷:krulorange:

@jornane Wietse also says on that page that he has sent corrections to the person that filed the CVE, so I guess/hope that will be fixed soon. UPDATE: the CVE has been fixed and now describes the problem in better ways.

Go Up