[hypermail] version 2.1.6 released - fixed security holes

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Peter C. McCluskey <pcm_at_rahul.net_at_hypermail-project.org>
Date: Sat, 25 Jan 2003 22:08:06 -0800 (PST)
Message-Id: <20030126060806.B8F0E2B7DD_at_mauve-new.rahul.net>

A new version 2.1.6 is available in .tar.gz form on sourceforge and hypermail.org, as well as in cvs.
It includes a fix for a buffer overflow that posed a security risk for people using the option progress = 2 (I doubt many people use this), a buffer overflow (boundbuffer in parse.c) that can be made to happen with most configurations (it's unclear whether this posed a security risk). Also, the cgi program called mail that comes with hypermail had a buffer overflow which posed a security risk. This has been fixed, but because this program could easily be abused by spammers the functionality of this program has been disabled and warnings added to deter people from enabling it. I doubt many people are using this program, but if you are using it you should probably stop using it.
--

Peter McCluskey |
http://www.rahul.net/pcm | Received on Sun 26 Jan 2003 08:05:13 AM GMT

This archive was generated by hypermail 2.2.0 : Thu 22 Feb 2007 07:33:54 PM GMT GMT