Hanno Böck writes:

Hi,

courier-authlib bundles libltdl version 2.2.6. This version has security issues:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736

This probably does not affect many users, because courier-authlib uses the system-wide libltdl if it's available.

Anyway, the bundled version should probably get an update. Alternatively you could just throw away the bundled version and require libltdl to be installed system-wide. Bundling libraries is a bad idea anyway imho (due to security issues like this one).

I'm leaning towards requiring the system libltdl to be installed.




_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
