At 5/24/2005 03:31 PM, Ken A wrote:
The email you forwarded gives you the answer:
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-mail/qpopper < 4.0.5-r3 >= 4.0.5-r3
versions 4.05-rc3 and up are not vulnerable.
I saw that in the advisory, but it still left me unsure as to whether
non-packaged versions of Qpopper were available because:
1) There are sometimes vulnerabilities in packages that do not exist when
one compiles from source
2) There is no source package with the version 4.0.5-r3
3) The two CVE entries for the vulnerabilities are so new (April 18, 2005)
that the entries do not contain any detail about the vulnerabilities,
suggesting that the vulnerabilities may not have been known when beta two
of Qpopper 4.0.6 was released in Sept. 2004 or even in 4.0.7, which was
released on April 25, 2005.
