=====================================================================
                                 CERT-Renater

                      Information Note No. 2001/VULN166
_____________________________________________________________________

DATE                      : 05/06/2001

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : /
                            
======================================================================


Qpopper 4.0.3 is available at
<ftp://ftp.qualcomm.com/eudora/servers/unix/popper/>.


*** 4.0.3 FIXES A BUFFER OVERFLOW PRESENT IN ALL VERSIONS OF 4.0 --
PLEASE UPGRADE IMMEDIATELY ***


Changes from 4.0.2 to 4.0.3:
----------------------------
  1.  Don't call SSL_shutdown unless we tried to negotiate an
      SSL session.  (As suggested by Kenneth Porter.)
  2.  Fix buffer overflow (reported by Gustavo Viscaino).
  3.  Fixed empty password treated as empty command (patch
      submitted by Michael Smith and others).
  4.  Added patch by Carles Xavier Munyoz to fix erroneous
      scanning for \n in getline().
  5.  Fix from Arvin Schnell for warnings on 64-bit systems.
  6.  Added patch by Clifton Royston to change error message
      for nonauthfile and authfile tests.
  7.  Added 'uw-kludge' as synonym for 'uw-kluge'.



======================================================================

        =========================================================
        CERT-Renater reference servers
        http://www.urec.fr/securite
        http://www.cru.fr/securite
        http://www.renater.fr
        =========================================================
        + CERT-RENATER          | tel : 01-53-94-20-44          +
        + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
        + 75013 Paris           | email: certsvp@renater.fr     +
        =========================================================
