linux, säkerhet

7735902 2002-01-01 21:40 +0100  /37 rader/ Thomas Roessler <roessler@does-not-exist.org>
Sänt av: joel@lysator.liu.se
Importerad: 2002-01-02  05:50  av Brevbäraren
Extern mottagare: mutt-announce@mutt.org
Extern mottagare: mutt-dev@mutt.org
Extern mottagare: mutt-users@mutt.org
Extern mottagare: bugtraq@securityfocus.com
Extern kopiemottagare: Joost Pol <joost@contempt.nl>
Extern kopiemottagare: Jeremy Blosser <jblosser@firinn.org>
Mottagare: Bugtraq (import) <20334>
Ärende: [Announce] SECURITY: mutt-1.2.5.1 and mutt-1.3.25 released.
------------------------------------------------------------
From: Thomas Roessler <roessler@does-not-exist.org>
To: mutt-announce@mutt.org, mutt-dev@mutt.org, mutt-users@mutt.org,
 bugtraq@securityfocus.com
Cc: Joost Pol <joost@contempt.nl>,
 Jeremy Blosser <jblosser@firinn.org>
Message-ID: <20020101204031.GA20706@sobolev.does-not-exist.org>

mutt-1.2.5.1 and mutt-1.3.25 have just been released.

These releases both fix a security hole which can be remotely
exploited. The problem was found and a fix suggested by Joost Pol
<joost@contempt.nl>.  Thanks for that.

mutt-1.2.5.1 is released as an update to the last stable version of
mutt, mutt-1.2.5.  The ONLY relevant change in this version is the
fix mentioned above.  No other bugs present in 1.2.5 have been
fixed.  You only want to upgrade to this version of mutt if you
absolutely have to stick with the mutt-1.2 series.

mutt-1.3.25 is the latest BETA version of mutt, and very close to
what will eventually become mutt-1.4.  Personally, I'd recommend
that you download and use this version.

The tar balls, with detached PGP signatures, will be available from 
<ftp://ftp.mutt.org/pub/mutt/> in some minutes.

As an alternative, you can apply the patch available from 
<ftp://ftp.mutt.org/pub/mutt/patch-1.2,3.rfc822_terminate.1> to any 
1.2 or 1.3 series mutt source code, and rebuild.


I apologize for the problem, and wish all of you a happy new year.

-- 
Thomas Roessler                        http://log.does-not-exist.org/
(7735902) /Thomas Roessler <roessler@does-not-exist.org>/
Bilaga (application/pgp-signature) i text 7735903
7735903 2002-01-01 21:40 +0100  /13 rader/ Thomas Roessler <roessler@does-not-exist.org>
Importerad: 2002-01-02  05:50  av Brevbäraren
Extern mottagare: mutt-announce@mutt.org
Extern mottagare: mutt-dev@mutt.org
Extern mottagare: mutt-users@mutt.org
Extern mottagare: bugtraq@securityfocus.com
Extern kopiemottagare: Joost Pol <joost@contempt.nl>
Extern kopiemottagare: Jeremy Blosser <jblosser@firinn.org>
Mottagare: Bugtraq (import) <20335>
Bilaga (text/plain) till text 7735902
Ärende: Bilaga till: [Announce] SECURITY: mutt-1.2.5.1 and mutt-1.3.25 released.
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)

iQEVAwUBPDIev9ImKUTOasbBAQJqSAf6AvWpzKDJumBz4rPhIoVENsSyOu4/N78b
k4em4afI6jJ0hjZmcBlQSvf0THqax+eNTRTWKnJMJ9o7Fz80usL697TEksDb8aCV
9h89JAAlRQHZIP6fjx0jr7KMmjz5i4XqG13mLm+9S52MK76wFwf5HHd+3VAzcfni
JP4EcUIGd/nNCh+MrhGTuFlRC0mZ/zOYPeyZ/iC1abXOGAWuPgDcucEd+O/n6TXp
Aw6s5xwZg26buqmQEuy5J3E3VksLqQwl3iEDFf6XijnOKjHIuPh4Lvxddg50NeTm
a0EOVmoS8ZfnIme+vnCQXKIR1vvKKsLraXEn6Jw6XwG97RSNurx5qQ==
=clc3
-----END PGP SIGNATURE-----
(7735903) /Thomas Roessler <roessler@does-not-exist.org>/