A recent announcement of ripMIME 1.2.12 has been superceded with a new release which covers several issues as mentioned in 3APA3A@SECURITY.NNOV.RU's content-exploits analysis post. Specifically, "\0 data poisoning" and "fake-end-of-line termination" (due to fgets()) have been immediately covered. Issues with UTF formatting is still present (although detection of the data content is not affected, as content-scanners should not use the file name as anything more than a subtle-guide). ripMIME is available at http://pldaniels.org/ripmime Regards. -- Paul L Daniels http://www.pldaniels.com Linux/Unix systems Internet Development ICQ#103642862,AOL:cinflex,IRC:inflex A.B.N. 19 500 721 806
