INN 2.4.1 urgent release
dsr+inn at mail.lns.cornell.edu
dsr+inn at mail.lns.cornell.edu
Thu Jan 8 00:04:31 UTC 2004
Russ Allbery <rra at stanford.edu> writes:
> Dan Riley found a potential (likely) security vulnerability in INN 2.4.0
> and later (INN 2.3.x are not affected). I'm rolling INN 2.4.1 tonight.
Reported barely an hour previously, so you're getting fast turnaround
(Russ had been mumbling about 2.4.1 for a while...). This bug may
have been responsible for some of the other mysterious crashes under
ARTpost() reported in the last year or so.
> If anyone currently is running the STABLE release, I'd really appreciate
> testing of:
I've just updated lnsnews.lns.cornell.edu from STABLE-20030716 to the
2.4.1 candidate. This was done as a "vendor update" to our local cvs
tree, so it wasn't a completely clean naive-customer install, but I
can say I didn't encounter anything unexpected.
> As soon as we get this release out the door, I'm going to see about making
> FileGlue go away completely in the innd source; it's too easy to misuse by
> accident.
Strong agreement.
-dan
More information about the inn-workers
mailing list