Bugtraq mailing list archives
Re: FreeBSD Ports Security Advisory: FreeBSD-SA-00:26.popper
From: mike () HYPERREAL ORG (Mike Brown)
Date: Mon, 10 Jul 2000 09:48:43 -0700
FreeBSD-SA-00:26 Topic: popper port contains remote vulnerability Category: ports Module: popper Announced: 2000-07-05 The popper port, version 2.53 and earlier, [is insecure...] V. Solution One of the following: 1) Upgrade your entire ports collection and rebuild the popper port. 2) Deinstall the old package and install a new package [...] 3) download a new port skeleton [...] and use it to rebuild the port. 4) Use the portcheckout utility to automate option (3) above.
Not sure why this wasn't mentioned, but it should be noted that Qualcomm's Qpopper 3.x is no longer considered beta, and there is a FreeBSD port for it: 'popper3', which could be installed instead of a patched version of 2.53. Version 3.0.2, which the current popper3 port uses, is, I believe, not subject to these vulnerabilities. References: http://www.eudora.com/qpopper/30.html http://www.freebsd.org/ports/mail.html -M.
Current thread:
- FreeBSD Ports Security Advisory: FreeBSD-SA-00:26.popper FreeBSD Security Advisories (Jul 05)
- <Possible follow-ups>
- Re: FreeBSD Ports Security Advisory: FreeBSD-SA-00:26.popper Mike Brown (Jul 10)