Date: Sat, 02 Jun 2001 12:15:08 -0600 From: Brett Glass <brett@lariat.org> To: security@freebsd.org Subject: FYI Message-ID: <4.3.2.7.2.20010602121447.04a23c00@localhost>
next in thread | raw e-mail | index | archive | help
Date: Fri, 1 Jun 2001 23:28:20 -0700
From: Qpopper Support <qpopper@qualcomm.com>
To: Qpopper Public List <qpopper@lists.pensive.org>,
qpopper-announce@rohan.qualcomm.com
Cc: qpopper@qualcomm.com
Subject: Qpopper 4.0.3 **** Fixes Buffer Overflow ****
Qpopper 4.0.3 is available at
<ftp://ftp.qualcomm.com/eudora/servers/unix/popper/>.
**** 4.0.3 FIXES A BUFFER OVERFLOW PRESENT IN ALL VERSIONS OF 4.0 --
PLEASE UPGRADE IMMEDIATELY ***
Changes from 4.0.2 to 4.0.3:
----------------------------
1. Don't call SSL_shutdown unless we tried to negotiate an
SSL session. (As suggested by Kenneth Porter.)
2. Fix buffer overflow (reported by Gustavo Viscaino).
3. Fixed empty password treated as empty command (patch
submitted by Michael Smith and others).
4. Added patch by Carles Xavier Munyoz to fix erroneous
scanning for \n in getline().
5. Fix from Arvin Schnell for warnings on 64-bit systems.
6. Added patch by Clifton Royston to change error message
for nonauthfile and authfile tests.
7. Added 'uw-kludge' as synonym for 'uw-kluge'.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20010602121447.04a23c00>