From owner-freebsd-security Sat Jun 2 11:15:20 2001 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id 0570637B422 for ; Sat, 2 Jun 2001 11:15:18 -0700 (PDT) (envelope-from brett@lariat.org) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id MAA03967 for ; Sat, 2 Jun 2001 12:15:14 -0600 (MDT) Message-Id: <4.3.2.7.2.20010602121447.04a23c00@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Sat, 02 Jun 2001 12:15:08 -0600 To: security@freebsd.org From: Brett Glass Subject: FYI Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Date: Fri, 1 Jun 2001 23:28:20 -0700 From: Qpopper Support To: Qpopper Public List , qpopper-announce@rohan.qualcomm.com Cc: qpopper@qualcomm.com Subject: Qpopper 4.0.3 **** Fixes Buffer Overflow **** Qpopper 4.0.3 is available at . **** 4.0.3 FIXES A BUFFER OVERFLOW PRESENT IN ALL VERSIONS OF 4.0 -- PLEASE UPGRADE IMMEDIATELY *** Changes from 4.0.2 to 4.0.3: ---------------------------- 1. Don't call SSL_shutdown unless we tried to negotiate an SSL session. (As suggested by Kenneth Porter.) 2. Fix buffer overflow (reported by Gustavo Viscaino). 3. Fixed empty password treated as empty command (patch submitted by Michael Smith and others). 4. Added patch by Carles Xavier Munyoz to fix erroneous scanning for \n in getline(). 5. Fix from Arvin Schnell for warnings on 64-bit systems. 6. Added patch by Clifton Royston to change error message for nonauthfile and authfile tests. 7. Added 'uw-kludge' as synonym for 'uw-kluge'. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message