[prev in list] [next in list] [prev in thread] [next in thread]
List: amavis-tech
Subject: [AMaViS-tech] convert uulib 0.212 broken?
From: <pcg () goof ! com ( Marc) (A ! ) (Lehmann )>
Date: 2002-06-30 2:16:32
[Download RAW message or body]
(I am not on the list)
Hi there ;)
I recent months I received an increasing amount of mail about "fixing"
version 0.212 of Convert::UUlib. Turns out www.amavis.org says that this
version (and others) are broken. However, version 0.212 (the current one)
has all known bugs fixed, while the recommended one (0.201 and 0.111)
does not and the buffer overflows might be exploitable (even more so as
these older versions don't correctly decode all attachments, nor the
increasingly spreading yenc).
Since I never received a bugreport for 0.212, either, I can only guess this
is caused by this (slightly snippish) entry in the ChangeLog:
- *sigh*. new version of uulib, new braindamaged buffer overflows.
I would not use this code in a virus-scanner, despite my efforts
to fix uulib. Diffs like "line length 256 => 300" should have
alerted me...
While I still think that way, this does not mean that one should prefer
older, known-to-be-buggy versions over newer, fixed ones. So unless 0.212
really is buggy and this is just caused by the slightly misleading Changes
entry, I'd really "recommend to recommend" the current version, not older
ones. Would save me mail, too ;)
--
-----==- |
----==-- _ |
---==---(_)__ __ ____ __ Marc Lehmann +--
--==---/ / _ \/ // /\ \/ / pcg@goof.com |e|
-=====/_/_//_/\_,_/ /_/\_\ XX11-RIPE --+
The choice of a GNU generation |
|
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
No, I will not fix your computer.
http://thinkgeek.com/sf
_______________________________________________
AMaViS-tech mailing list
AMaViS-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-tech
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic