[hylafax-devel] Re: Security patches for hylafax-v4.0pl2

To: John Holland <john@zoner.org>
Subject: [hylafax-devel] Re: Security patches for hylafax-v4.0pl2
From: Tim Rice <tim@trr.metro.net>
Cc: <hylafax-devel@hylafax.org>
Date: Thu, 15 Jun 2000 03:11:00

On Wed, 14 Jun 2000, John Holland wrote:

> I had a bit of time last weekend, so in the interest of patching the setuid 
> uucp buffer overflow in faxalter and getting the FreeBSD/OpenBSD port 
> current, I did a beginnings of a security audit on hylafax-v4.0pl2.  Below 
> are patches for various unbounded string copies in the source.
> 
Looks Good.

[snip]
> 
> What is the status of hylafax-v4.0pl2?  Is any work being done on it?  Is 
> another patch level forthcoming?  Or is the effort being targeted to 
> 4.1beta?  Would my time be better spent looking at the latter?

Your time is better spent on the 4.1 CVS code base.

Hoever, for the people still using 4.0pl2, I put together an 
unofficial pl3 patch a few weeks ago. Check the archives for
hylafax4.0beta024 (aka pl3)

> 
[big snip]


-- 
Tim Rice				Multitalents	(707) 874-1130
tim@trr.metro.net



____________________ HylaFAX(tm) Developers Mailing List ____________________
 To unsub: mail -s unsubscribe hylafax-devel-request@hylafax.org < /dev/null

Prev by Date: [hylafax-devel] Security patches for hylafax-v4.0pl2
Next by Date: [hylafax-devel] Re: Security patches for hylafax-v4.0pl2
Prev by thread: [hylafax-devel] Security patches for hylafax-v4.0pl2
Next by thread: [hylafax-devel] Re: Security patches for hylafax-v4.0pl2
Index(es):
- Main
- Thread

Report any problems to webmaster@hylafax.org

HylaFAX is a trademark of Silicon Graphics Corporation.
Internet connectivity for hylafax.org is provided by:
VirtuALL Private Host Services