version 2.1.6 released - fixed security holes

---------

From: Peter C. McCluskey (pcm@rahul.net)
Date: Sun Jan 26 2003 - 00:08:06 CST

     A new version 2.1.6 is available in .tar.gz form on sourceforge and
    hypermail.org, as well as in CVS.
     It includes a fix for a buffer overflow that posed a security risk
    for people using the option progress = 2 (I doubt many people use this),
    and a buffer overflow (boundbuffer in parse.c) that can be made to happen
    with most configurations (it's unclear whether this posed a security risk).
     Also, the cgi program called mail that comes with hypermail had a buffer
    overflow which posed a security risk. This has been fixed, but because
    this program could easily be abused by spammers the functionality of this
    program has been disabled and warnings added to deter people from enabling
    it. I doubt many people are using this program, but if you are using it you
    should probably stop using it.

    --
    ------------------------------------------------------------------------------
    Peter McCluskey          |
    http://www.rahul.net/pcm |
    

    ---------

    This archive was generated by hypermail 2.1.5.