LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L
Options: Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Topic: [<< First] [< Prev] [Next >] [Last >>]

Parts/Attachments: text/plain (26 lines)
Print Reply
Mime-Version:
1.0
Sender:
LISTSERV give-and-take forum <[log in to unmask]>
Subject:
Re: SECURITY ADVISORY FROM L-SOFT (2000-07-17)
From:
Thomas Jouas <[log in to unmask]>
Date:
Tue, 18 Jul 2000 21:03:35 +0200
In-Reply-To:
<[log in to unmask]>; from [log in to unmask] on Mon, Jul 17, 2000 at 04:23:13PM -0400
Content-Type:
text/plain; charset=us-ascii
Reply-To:
LISTSERV give-and-take forum <[log in to unmask]>
 
On Mon, Jul 17, 2000 at 04:23:13PM -0400, Nathan Brindle wrote:
> ************************** SECURITY ADVISORY 1 **************************
>
> A  security  exposure has  been  discovered  and  fixed in  LISTSERV  and
> LISTSERV Lite. L-Soft recommends that  all affected users apply the 2000b
> level set immediately.
>
> Please note carefully that this  exposure differs from the exposure fixed
> by the 2000a level set released on 5 May 2000.
>

Hi :)

Does this vulnerability only affect the web interface (as said in Bugtraq) or also the basic listserv functions ?
The advisory doesn't tell what part of lsv is really affected...


In addition, the changelog in the Makefile (under Unix) doesn't mention the 2000a and 2000b patch levels although the Build Date is correct.


Thomas

--
Thomas
[log in to unmask]

ATOM RSS1 RSS2