Bugtraq mailing list archives

Re: FreeBSD Ports Security Advisory: FreeBSD-SA-00:26.popper

From: mike () HYPERREAL ORG (Mike Brown)
Date: Mon, 10 Jul 2000 09:48:43 -0700

FreeBSD-SA-00:26
Topic:          popper port contains remote vulnerability
Category:       ports
Module:         popper
Announced:      2000-07-05

The popper port, version 2.53 and earlier, [is insecure...]
V.   Solution
One of the following:
1) Upgrade your entire ports collection and rebuild the popper port.
2) Deinstall the old package and install a new package [...]
3) download a new port skeleton [...] and use it to rebuild the port.
4) Use the portcheckout utility to automate option (3) above.


Not sure why this wasn't mentioned, but it should be noted that
Qualcomm's Qpopper 3.x is no longer considered beta, and there is a
FreeBSD port for it: 'popper3', which could be installed instead of
a patched version of 2.53. Version 3.0.2, which the current popper3
port uses, is, I believe, not subject to these vulnerabilities.

References:
 http://www.eudora.com/qpopper/30.html
 http://www.freebsd.org/ports/mail.html

-M.

Current thread:

FreeBSD Ports Security Advisory: FreeBSD-SA-00:26.popper FreeBSD Security Advisories (Jul 05)
- <Possible follow-ups>
- Re: FreeBSD Ports Security Advisory: FreeBSD-SA-00:26.popper Mike Brown (Jul 10)