Hi list, following the Gentoo's advisory ( http://www.gentoo.org/security/en/glsa/glsa-200704-18.xml ), it is said that courier-imap 4.0.6-r2 and below has a vulnerability with XMAILDIR variable leading to shell command injection. If I've installed courier-imap 4.0.6 from source (with the file "courier-imap-4.0.6.tar.bz2" from the courier's site), am I affected by this ? I mean the -r2 in 4.0.6-r2 is for something like "release candidate" so I shouldn't worry ? Thanks, kfx
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
