LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

Eric Thomas <ERIC@LEPICS>
Wed, 30 Aug 89 21:45:58 GMT
Today I have found and fixed a severe security exposure in LISTSERV. For
obvious reasons, I shall provide NO information regarding the nature of that
problem, and I am explicitly asking you not to discuss it on the network in
any way which might help potential hackers find out what it is.

I could explain how to zap the affected program files to fix the problem, but
this would also expose what the problem is, and then it would just be a race
between the maintainers and hackers, which could be especially bad as the
holidays are not over for everybody. I thought about it and decided that the
wisest thing to do was to "close" 1.6b today, after making the necessary
changes to make this a "clean" closure, rather than just stopping in the
middle of something. Furthermore, all the updated files will bear today's
date, so as to "hide" the fix in the mass of other changes: in case a hacker
were to get a copy of the code, it would take him much longer to find out what
the problem is, and this gives more time to the maintainers to test and
install 1.6b.

I suppose that's all I can do about it, apart from apologizing for being the
cause of the problem in the first place, making sure to recommend serious
testing of 1.6b as there will be no beta 1.6b programme, and wishing you good
luck. A description of the changes between 1.6a and 1.6b will follow, and I'll
then ship the code to everybody.
 
  Eric
