Security issues in cgiemail: cgilib.c cgilibcso.c

1. Buffer overflow in cgilibcso, line 185 .. sprintf..

2. "Path disclosure" (picky, picky) highlighted by the ifdefs added by Debian:

+++ cgiemail-1.6/cgilib.c @@ -483,7 +483,11 @@ formp->errcond=1; strcpy(formp->errmsg, "500 Could not open template"); cgi_concat_errno(formp->errmsg); +#ifdef DISCLOSE_PATHS strncpy(formp->errinfo, templatefile, CGI_ERRMSG_MAX); +#else + strcpy(formp->errinfo, "Template file could not be accessed."); +#endif /* DISCLOSE_PATHS */ return(1); } @@ -659,7 +663,11 @@ { formp->errcond=1; strcpy(formp->errmsg, "403 No variable substitutions in template"); +#ifdef DISCLOSE_PATHS strncpy(formp->errinfo, templatefile, CGI_ERRMSG_MAX); +#else + strcpy(formp->errinfo, "Template file doesn't look like a template."); +#endif /* DISCLOSE_PATHS */ return(1); } --- cgiemail-1.6.orig/debian/README.Debian +++ cgiemail-1.6/debian/README.Debian @@ -0,0 +1,13 @@ +README.Debian + +There is a path disclosure vulnerability in cgiemail. I have +used the C Preprocessor to get rid of it. If you _want_ to +have this vulnerability, download the source and edit cgi.h.in +so it defines DISCLOSE_PATHS and it will work. Compile. +Install. Run wild.... + + +have a nice day. +-- +Thomas Smith

-----------------------

Other TODO:

- make it handle multipart/form-data POST inputs so we can do file uploads. This could be a problem with size of data, temp files, etc. See outside libs to help, e.g. eCGI at http://global-owl.de/ecgi and CGIc at http://www.fundp.ac.be/sciences/biologie/bms/CGI/cgic.html

- maybe add MIME output explicitly for "attaching" files.
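
Review bot: in the cgilib.c hunk at @@ -483,7 +483,11 @@, the DISCLOSE_PATHS branch keeps `strncpy(formp->errinfo, templatefile, CGI_ERRMSG_MAX);`, and strncpy writes no terminating NUL when templatefile is CGI_ERRMSG_MAX bytes or longer. Since the line is being wrapped anyway, copy at most CGI_ERRMSG_MAX - 1 bytes and set the final byte to '\0' explicitly (this assumes errinfo is CGI_ERRMSG_MAX bytes, which the hunk does not show).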
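
Review bot: the `#ifdef DISCLOSE_PATHS` / `#else` / `#endif` block in the cgilib.c hunk at @@ -659,7 +663,11 @@ is a copy of the one at @@ -483 with only the fixed message changed. Put it in one helper that takes templatefile and the generic message, so a later error path that reports templatefile cannot be added without the guard. In the `#else` branch the path is not recorded anywhere in the visible lines; writing it to the server-side error log would let the operator still diagnose the 403 without returning it in errinfo.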
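
Review bot: the new debian/README.Debian names a path disclosure vulnerability but does not say what is disclosed or where. Add a sentence stating that with DISCLOSE_PATHS defined the template file path is copied into the error info for the "500 Could not open template" and "403 No variable substitutions in template" errors, and that without the define those errors carry a fixed message instead.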