Re: Remote count.cgi exploit mods

From: Alan J Rosenthal (flapsat_private)
Date: Sat Jul 11 1998 - 17:31:10 PDT

    >If the version is 2.4, then it is patched for this bug. Anything
    >below that is vulnerable. (2.4 is the latest version)
    
    Not quite... at least, I hope not, and if the above is not wrong in the
    following sense then a lot of people would like to know.
    
    A distribution I myself called "2.3.new" for lack of a better name (as the
    distribution file itself was confusingly called 2.3) contains the following
    appendix in the top-level README:
    
            quick security fix. i'm keeping the version 2.3, because changing it
            requires changing many things. I don't have time!
    
            ma_muquitat_private
            Oct-14-1997
    
    and the 2.4 release seems to be dated 20 Oct, and the "what's new" section of
    the 2.4 release contains the line "Includes the Buffer Overflow security fix".
    
    I assume that this refers to the security fix contained in this temporary
    security fix version.  If not, I'd sure like to know.
    
    Since the two dates are only six days apart, probably most people out there on
    the net are either vulnerable or have version 2.4.  However, a large number of
    the readers of this list may have put the security fix version in place in the
    interim.
    
    So, do we have to upgrade to 2.4 if we have the security fix version?
    
    regards,
    ajr
    


