A new version, 2.1.6, is available in .tar.gz form on SourceForge and
hypermail.org, as well as in CVS.
It includes a fix for a buffer overflow that posed a security risk
for people using the option progress = 2 (I doubt many people use this),
and for a buffer overflow (boundbuffer in parse.c) that can be made to happen
with most configurations (it's unclear whether this posed a security risk).
Also, the CGI program called mail that comes with hypermail had a buffer
overflow which posed a security risk. This has been fixed, but because
this program could easily be abused by spammers, the functionality of this
program has been disabled and warnings added to deter people from enabling
it. I doubt many people are using this program, but if you are using it, you
should probably stop using it.
--
This archive was generated by hypermail 2.2.0 : Thu 22 Feb 2007 07:33:54 PM GMT