CHRS: CP437 2   
   MSGID: 2:240/8002@fidonet 5a68b741   
   PID: MBSE-BBS 1.0.7.20 (GNU/Linux-x86_64)   
   TZUTC: 0100   
   TID: MBSE-FIDO 1.0.7.17 (GNU/Linux-x86_64)   
   Hi Andrew,   
      
   One of my users has found and reported to me another issue with regards to   
   reading / listing private messages. While the fix in commit [942e85] works for   
   local, private echos, it does not take into account the possibillity of two   
   users having the same name (e.g. "Tom Smith") but different AKAs. Since the    
   fix   
   in [942e85] does not check the From / To addresses this may lead to the   
   possibility of a user"Tom Smith@1:2/3" reading and being able to list messages   
   for "Tom Smith@3:4/5".   
      
   I've already fixed the if (..) statments in mail.c (lines 1116, 1258 and 1909)   
   and will provide a proper pull request in the next few days. I just wanted to   
   inform you that there is still a security issue and that there is work being   
   done to fix it.   
      
   Kind regards,   
   Niels                                            
      
       Greetings, Niels Haedecke   
      
   --- MBSE BBS v1.0.7.20 (GNU/Linux-x86_64)   
    * Origin: Wintermute BBS - Duesseldorf, Germany (2:240/8002)   
   SEEN-BY: 1/123 18/200 90/1 103/705 105/81 120/340 123/131 124/5016   
   SEEN-BY: 154/10 203/0 221/0 1 226/30 227/114 229/101 275 424 426 452   
   SEEN-BY: 229/550 664 1016 240/1120 1254 1634 1895 5411 5832 5853 6309   
   SEEN-BY: 240/8001 8002 8005 249/206 317 400 261/38 280/464 1049 5003   
   SEEN-BY: 280/5006 288/100 292/854 8125 310/31 313/41 317/3 320/219   
   SEEN-BY: 322/757 335/364 342/200 396/45 423/120 633/280 712/848 770/1   
   SEEN-BY: 2452/250   
   PATH: 240/8002 1120 280/5003 464 240/5832 229/426