>If the version is 2.4, then it is patched for this bug. Anything >below that is vulnerable. (2.4 is the latest version) Not quite... at least, I hope not, and if the above is not wrong in the following sense then a lot of people would like to know. A distribution I myself called "2.3.new" for lack of a better name (as the distribution file itself was confusingly called 2.3) contains the following appendix in the top-level README: quick security fix. i'm keeping the version 2.3, because changing it requires changing many things. I don't have time! ma_muquitat_private Oct-14-1997 and the 2.4 release seems to be dated 20 Oct, and the "what's new" section of the 2.4 release contains the line "Includes the Buffer Overflow security fix". I assume that this refers to the security fix contained in this temporary security fix version. If not, I'd sure like to know. Since the two dates are only six days apart, probably most people out there on the net are either vulnerable or have version 2.4. However, a large number of the readers of this list may have put the security fix version in place in the interim. So, do we have to upgrade to 2.4 if we have the security fix version? regards, ajr
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:03:24 PDT