From: "Nickolay A. Kritsky"
Subject: Re: FYI
Date: Mon, 4 Jun 2001 15:25:03 +0400

Does it mean that popper supplied with FreeBSD 3.3 (/usr/local/libexec/popper) is vulnerable too?

Best Regards
NKritsky - SysAdmin InternetHelp.Ru
http://www.internethelp.ru
e-mail: nkritsky@internethelp.ru

-----Original Message-----
From: Brett Glass
To: security@FreeBSD.ORG
Date: 2 June 2001 22:49
Subject: FYI

>Date: Fri, 1 Jun 2001 23:28:20 -0700
>From: Qpopper Support
>To: Qpopper Public List ,
>    qpopper-announce@rohan.qualcomm.com
>Cc: qpopper@qualcomm.com
>Subject: Qpopper 4.0.3 **** Fixes Buffer Overflow ****
>
>Qpopper 4.0.3 is available at
>.
>
>
>**** 4.0.3 FIXES A BUFFER OVERFLOW PRESENT IN ALL VERSIONS OF 4.0 --
>PLEASE UPGRADE IMMEDIATELY ***
>
>
>Changes from 4.0.2 to 4.0.3:
>----------------------------
> 1.  Don't call SSL_shutdown unless we tried to negotiate an
>     SSL session.  (As suggested by Kenneth Porter.)
> 2.  Fix buffer overflow (reported by Gustavo Viscaino).
> 3.  Fixed empty password treated as empty command (patch
>     submitted by Michael Smith and others).
> 4.  Added patch by Carles Xavier Munyoz to fix erroneous
>     scanning for \n in getline().
> 5.  Fix from Arvin Schnell for warnings on 64-bit systems.
> 6.  Added patch by Clifton Royston to change error message
>     for nonauthfile and authfile tests.
> 7.  Added 'uw-kludge' as synonym for 'uw-kluge'.
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message