Mailing List Archive

libSPF format string vulnerability (will be CVE-2006-1520)
It has been brought to my attention by Karl Chen <> that
when DEBUGGING is enabled in libSPF there exists a format string vulnerability.
Karl Chen submitted a patch to remedy this problem and it has been released
as libSPF-1.0.0-p5 and is available for download from the website.

If you don't have DEBUGGING enabled you are not at risk, however it is
recommended that to avoid possible future problems that you upgrade to the
latest version.

CVS is currently offline whilst a machine is being upgrade and should be
available again by weeks end.




To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to