    [bug] Flaw in bounce processing including tracking feature. · 7c3c4ab9
    sikeda authored
    - Messages bound for bounce addresses may be stored into the bounce/ directory, even if they are related to an e-mail not subscribed to the list.  The directory may be filled up by unwanted messages.
    - Only envelope IDs in DSN messages are considered, but original recipients are not.  As a result, an attacker can easily overwrite the tracking database by using messages with arbitrary envelope IDs.
    
    Those problems are mitigated by checking if both the original recipient and (in case of tracking) the envelope ID are valid, then rejecting unknown emails/IDs.
    
    
    git-svn-id: https://subversion.renater.fr/sympa/branches/sympa-6.2-branch@12315 05aa8bb8-cd2b-0410-b1d7-8918dfa770ce
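The check the commit message describes, sketched as an added example in Python (this is not Sympa's own code, which is Perl). `SUBSCRIBERS`, `TRACKING`, `dsn_fields` and `classify_bounce` are hypothetical names, the sample DSN is constructed, and tying each envelope ID to the recipient it was issued for is an assumption about how a tracking table could be keyed.

```python
import email

SUBSCRIBERS = {"alice@example.org", "bob@example.org"}  # constructed list members
TRACKING = {"env-0001": "alice@example.org"}  # constructed: envelope ID -> recipient

# Constructed minimal RFC 3464 DSN used as sample input.
DSN_TEMPLATE = """\
From: MAILER-DAEMON@mx.example.net
Content-Type: multipart/report; report-type=delivery-status; boundary="b"

--b
Content-Type: text/plain

Delivery failed.
--b
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net
Original-Envelope-Id: {envid}

Original-Recipient: rfc822;{rcpt}
Final-Recipient: rfc822;{rcpt}
Action: failed
Status: 5.1.1
--b--
"""

def dsn_fields(raw):
    """Return (original envelope ID, original recipient) from a DSN; None if absent."""
    envid = rcpt = None
    for part in email.message_from_string(raw).walk():
        if part.get_content_type() != "message/delivery-status":
            continue
        # The stdlib parser exposes each header block of the status part as a sub-message.
        for block in part.get_payload():
            envid = envid or block.get("Original-Envelope-Id")
            addr = block.get("Original-Recipient") or block.get("Final-Recipient")
            if addr and rcpt is None:
                rcpt = addr.split(";", 1)[-1].strip().lower()
    return (envid.strip() if envid else None), rcpt

def classify_bounce(raw, tracking=True):
    """Accept a bounce only if its recipient (and, with tracking, its envelope ID) is known."""
    envid, rcpt = dsn_fields(raw)
    if rcpt not in SUBSCRIBERS:
        return "reject: unknown recipient"
    if tracking and TRACKING.get(envid) != rcpt:
        return "reject: unknown or mismatched envelope ID"
    return "accept: update tracking" if tracking else "accept: store bounce"
```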