Re: ANNOUNCE: LibESMTP 0.8.11

From: John Merryweather Cooper <john_m_cooper yahoo com>
To: Brian Stafford <brian stafford uklinux net>
Cc: LibESMTP Development List <libesmtp-devel community uklinux net>,Balsa List <balsa-list gnome org>,Pan Users <pan-users rebelbase com>
Subject: Re: ANNOUNCE: LibESMTP 0.8.11
Date: 06 Mar 2002 07:21:51 -0800

Works for me on FreeBSD.  I've post my PR which is waiting to be
committed.  :)

On Wed, 2002-03-06 at 03:56, Brian Stafford wrote:
> Hi all,
> 
> Those of you using libESMTP should download the latest tarballs from
> 
>          http://www.stafford.uklinux.net/libesmtp/download.html
> 
> It is strongly reccomended that all users upgrade immediately as this release 
> fixes a major security bug.  See the extract from the change log below.
> 
> Also fixed is a minor build problem in the NTLM code.  This previously used 
> stdint.h which is not universally available yet.
> 
> Regards
> Brian Stafford
> 
> 2002-03-04      Brian Stafford  <brian@stafford.uklinux.net>
>        * protocol.c
>          Fix buffer overflow problem in read_smtp_response.  This
>          overflow could be exploited by a malicious SMTP server to
>          overwrite the stack and hence a carefully crafted response could
>          cause arbitrary code to be executed.  Also took the opportunity
>          to add a related check for a potential DoS attack which makes
>          use of excessively long SMTP responses.  Thanks to Colin Phipps
>          for detecting this.
> 
>        * concatenate.[ch]
>          New function cat_shrink to shrink-wrap the allocated buffer.
> 
>        * libesmtp.h errors.c
>          New unterminated response error code and description.
> 
>        * ntlm/ntlmstruct.c configure.in crammd5/md5.h
>          stdint.h does not yet seem to be widely available causing
>          compilation to fail on some platforms.  Changed uint{16,32}_t to
>          unsigned{16,32}_t, detect correct sizes with autoconf and added
>          typedefs in ntlmstruct.c.  Changed detection types from int to
>          unsigned int in configure.in and made corresponding changes in
>          crammd5/md5.h.  Thanks to Ronald F. Guilmette for spotting this.
> 
> 
> 2002-02-12      Brian Stafford  <brian@stafford.uklinux.net>
>        * strcasecmp.c strncasecmp.c
>          These now return the correct sign of result for differing strings.
> 
> _______________________________________________
> balsa-list mailing list
> balsa-list@gnome.org
> http://mail.gnome.org/mailman/listinfo/balsa-list
-- 
         _
  | |V| / '                       ||  MacroHard --                   \
\_| | | \_,                       ||     the perfection of form over |
----------------------------------||     substance, marketing over   |
Web:  http://www.borgsdemons.com  ||     performance, and greed over |
AIM:  johnmcooper                 ||     design . . .                |
=====================================================================/
Public Key:  http://www.borgsdemons.com/Personal/pgpkey.asc          |
=====================================================================\

References:
- ANNOUNCE: LibESMTP 0.8.11
  - From: Brian Stafford

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]