scott at kitterman
Oct 15, 2008, 9:59 AM
Post #1 of 1
(765 views)
Permalink
|
There is (at last) a new libspf2 release. All the patches that I had
collected from people were looked at and the issues addressed either by that
patch or with an alternative solution (the maintainer had patches from
multiple sources and sometimes they overlapped). All of you who contributed,
thank you.
In addition to the run of the mill bugfixes, this release also includes a
security fix for a buffer overflow. I understand a CVE will be published
soon at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2469
Because of the large numer of fixes for significant bugs (a number of memory
leaks are fixed in addition to the overflow), anyone using libspf2 should
seriously consider upgrading very soon.
The upstream release announcement is here:
http://libspf2.org/index.html
The new version can be downloaded from here:
http://libspf2.org/download.html
A number of vendors and distributors that provide libspf2 were contacted and
are in varying states of providing updates.
For Ubuntu Linux a patch to correct the buffer overflow has been uploaded for
all supported releases and will be published soon. I intend to upload the
new 1.2.8 to the current development release and will explore backporting it
to earlier releases.
Scott K
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com
|
