This release fixes a locally-exploitable bug in Courier 0.37.1 and earlier, identified by Nat Sakimura . A hand-crafted .courier file can be used to insert \r characters in the message queue file. A bug in the function that reads message queue files subsequently results in memory corruption.
If upgrading to 0.37.2 is not feasible, apply the following patch to 0.37.1, and earlier: http://www.courier-mta.org/beta/patches/queuefile-fix/. Download: http://www.courier-mta.org/download.php -- Sam _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
