Re: Qpopper 4.0.3 **** Fixes Buffer Overflow **** (fwd)

From: Roman Drahtmueller (drahtat_private)
Date: Tue Jun 05 2001 - 09:52:23 PDT


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    >
    > Qpopper 4.0.3 is available at
    > <ftp://ftp.qualcomm.com/eudora/servers/unix/popper/>.
    >
    >
    > **** 4.0.3 FIXES A BUFFER OVERFLOW PRESENT IN ALL VERSIONS OF 4.0 --
    > PLEASE UPGRADE IMMEDIATELY ***
    
    We hope that this information is accurate. Version 4.0.2 is not on the ftp
    server any more, and there is no patch from 4.0.2 to 4.0.3.
    We currently feel handicapped in our efforts to check the code for the
    changes wrt the buffer overflow.
    
    SuSE ships qpopper version 2.53 (with a set of patches that include
    security fixes for this version) for SuSE-6.3, 6.4 and 7.0; SuSE-7.1 and
    the upcoming SuSE-7.2 release have version 3.1.2.
    
    If the above statement is right, then SuSE distributions are not
    vulnerable. However, we wish to double-check such a claim. All kinds of
    verification and transparency are welcome, including an official statement
    from Qualcomm (thanks in advance!).
    
    
    > Changes from 4.0.2 to 4.0.3:
    > ----------------------------
    >   1.  Don't call SSL_shutdown unless we tried to negotiate an
    >       SSL session.  (As suggested by Kenneth Porter.)
    >   2.  Fix buffer overflow  (reported by Gustavo Viscaino).
    
    
    Thank you,
    Roman Drahtmüller,
    SuSE Security.
    - -- 
     -                                                                      -
    | Roman Drahtmüller      <drahtat_private> //          "Caution: Cape does |
      SuSE GmbH - Security           Phone: //       not enable user to fly."
    | Nürnberg, Germany     +49-911-740530 // (Batman Costume warning label) |
     -                                                                      -
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: http://www.suse.de/  
    
    iEYEARECAAYFAjsdDlkACgkQnkDjEAAKq6RVAQCgmAZJGKq6v4J9kjznUy+tlZzm
    j3EAoMyrDlRtE8OgI98T7FN18IfEYfHR
    =G2T2
    -----END PGP SIGNATURE-----
    



    This archive was generated by hypermail 2b30 : Tue Jun 05 2001 - 12:32:34 PDT