Updated tarballs, tagged as 0.40.0.20021026/1.6.0.20021025 are now on the
download page. For those using Sourceforge's release system, this is still
the 0.40/1.6 release.
This update should fix the broken imap/pop3 SSL startup scripts, and a
couple of other things. Of particular importance is an exploitable bug
that's been brought to my attention today; where a local shell user can coax
Courier's webmail binary to read an arbitrary file on the local filesystem.
If your're running Courier-webmail on server with login shell access, you
should grab this tarball, or apply the patch at
http://www.courier-mta.org/beta/patches/sqwebmail-readfile-fix/.
Bad timing. If I knew this yesterday, this would've gone into the 3.4
build, and eliminate today's tarball juggling act.
--
Sam
-------------------------------------------------------
This sf.net email is sponsored by: Influence the future
of Java(TM) technology. Join the Java Community
Process(SM) (JCP(SM)) program now.
http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
