1 |
Devon <devon@×××××.org> wrote: |
2 |
> Ben Cressey wrote: |
3 |
> |
4 |
> > It seems I missed the post to Bugtraq since it was issued as a Courier |
5 |
> > vulnerability, and I didn't read carefully enough to discover that |
6 |
> > Courier IMAP was also affected. Certainly this is my own fault, but I |
7 |
> > am just astonished that without Francisco's post I might have |
8 |
> > overlooked this serious problem altogether. |
9 |
> |
10 |
> I couldn't find the post to the Bugtraq mailing list. I searched my |
11 |
> archives and the archives at MARC -- no hits for Bugtraq ID 9845. Any |
12 |
> searches for "courier" also yielded no hits. I also didn't see anything |
13 |
> posted to FD. |
14 |
|
15 |
Same here. I also checked the courier-ML and found a corresponding post |
16 |
by Sam Varshavchik where he announced the new version, but he did not |
17 |
make clear that there is a vulnerability, he just stated in his |
18 |
announcement: |
19 |
|
20 |
> - East Asian character sets |
21 |
> |
22 |
> Several bugs in East Asian character set support have been fixed, and |
23 |
> many new character set mappings have been added, including euc-jp, |
24 |
> ksx-1001, ISO-2022-KR, ISO-2002-JP-1 |
25 |
|
26 |
Not a very good handling by all sides :( |
27 |
|
28 |
Cheers, |
29 |
Juri |
30 |
|
31 |
-- |
32 |
Juri Haberland <juri@××××××××××.com> |
33 |
|
34 |
|
35 |
-- |
36 |
gentoo-security@g.o mailing list |