Red Hat Bugzilla – Bug 223648
squirrelmail ships with .orig files
Last modified: 2007-11-30 17:11:53 EST
Description of problem:
squirrelmail ships with several .orig files resulting from offsets when applying
$ rpm -qlp squirrelmail-1.4.8-3.fc6.noarch.rpm | grep .orig
This doesn't cause any problems, it just looks bad. The attached patch got rid
of them here.
Version-Release number of selected component (if applicable):
Created attachment 146078
Patch to get rid of the files
> This doesn't cause any problems, it just looks bad.
Just as I hit commit, I realized that these files can be used to exploit the
vulnerabilities the patches are meant to address.
Are you sure they can be?
I haven't tried exploiting it, but the files are accessible and do create the
expected output. Try accessing e.g. /webmail/src/right_main.php.orig.
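A build-time guard against the situation this report describes, given as an added example that is not part of the bug thread or the attached patch. It goes slightly beyond the report by also catching `.rej` files, the other leftover `patch` can write. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect patch(1) backup files before they are packaged.
# Function names and the sample tree are hypothetical, not from the report.

# Print every patch leftover (*.orig, *.rej) under directory $1, one path
# per line, relative to $1. Matching is on the file-name suffix only, so a
# file such as origin.php is not reported.
find_patch_leftovers() {
    ( cd "$1" 2>/dev/null || exit 2
      find . -type f \( -name '*.orig' -o -name '*.rej' \) -print |
          sed 's|^\./||' | sort )
}

# Return 0 if the tree is clean, 1 if leftovers exist (listed on stderr),
# 2 if the directory cannot be read. Backups of PHP sources are tagged
# separately: they are pre-patch copies of code that a fix was applied to.
check_tree() {
    leftovers=$(find_patch_leftovers "$1") || return 2
    [ -z "$leftovers" ] && return 0
    printf '%s\n' "$leftovers" | while IFS= read -r f; do
        case "$f" in
            *.php.orig|*.php.rej) echo "SCRIPT-BACKUP $f" >&2 ;;
            *)                    echo "BACKUP $f" >&2 ;;
        esac
    done
    return 1
}

# Constructed sample tree mirroring the path named in the report.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/webmail/src"
    : > "$root/webmail/src/right_main.php"
    : > "$root/webmail/src/right_main.php.orig"
    : > "$root/webmail/src/origin.php"
    echo "$root"
}

# Stand-alone use: sh check.sh <directory>
if [ "$#" -gt 0 ]; then
    check_tree "$1"
fi
```

Run against the build root at the end of a spec file's `%install` section, a non-zero status turns a leftover backup file into a build failure instead of a shipped file.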