The latest source release for Courier IMAP is 4.1.3. Upgrade to that then you know for definite you won't be affected.
Andy. kfx wrote: > Hi list, > following the Gentoo's advisory ( > http://www.gentoo.org/security/en/glsa/glsa-200704-18.xml ), it is said > that courier-imap 4.0.6-r2 and below has a vulnerability with XMAILDIR > variable leading to shell command injection. If I've installed > courier-imap 4.0.6 from source (with the file > "courier-imap-4.0.6.tar.bz2" from the courier's site), am I affected by > this ? I mean the -r2 in 4.0.6-r2 is for something like "release > candidate" so I shouldn't worry ? > Thanks, > kfx > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Courier-imap mailing list > [email protected] > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap > > !DSPAM:37,462faabf89291366118785! > > > ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
