On Thu, May 25, 2000 at 11:13:38AM +0200, Miquel van Smoorenburg wrote: > According to Petr Cech: > > On Wed, May 24, 2000 at 11:27:24PM -0700 , Joey Hess wrote: > > qpopper is safe IIRC recent discusion. or the fix shold be installed yesterday > > Should this go to slink also? > > The qpopper bug is not very serious. It makes it possible to send fake > emails to someone, even if that person has heavy filtering (for example, > a copy of the ILOVEYOU virus). That is all. There is no shell- or root > exploit involved. there is another bug in qpopper 2.53 discussed on bugtraq where it is possible to get a gid=mail shell. i think this is new and unrelated to the last one. i don't service pop3 so i did not keep really close track of the latest problems in qpopper... -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpaGKSBcXw2W.pgp
Description: PGP signature