开云体育

Re: BPQ32/LinBPQ vulnerability.

Chris Lance WW2BSA Member Profile All Messages By This Member #41985 开云体育 Thank you Eric and Ben. Learned something new today. 73 Chris ww2bsa toggle quoted message Show quoted text -------- Original message -------- From: "Eric H. Christensen via groups.io" <wg3k@...> Date: 8/27/24 1:21 PM (GMT-05:00) To: [email protected] Subject: Re: [bpq32] BPQ32/LinBPQ vulnerability. Common Vulnerability and Exposures[0], or CVE, is a system that provides a reference method for vulnerabilities.? A unique identifier is given to every vulnerability along with related information about the vulnerability, how it can affect a system (Common Weakness Enumeration[1] or CWE), how "bad" it is (Common Vulnerability Scoring System or CVSS), and other information from upstream so that users and downstream software developers can determine how their systems may be affected.? It is extremely important for libraries and other software that are integrated into other software to receive a CVE number; probably less so in this particular case.? When John said that someone had published the vulnerabilities I didn't know if he meant that they had been assigned a CVE number or just that he had received an email (or similar) that showed how the vulnerability could be executed. [0] https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures [1] https://cwe.mitre.org 73, Eric WG3K FM18rp Packet: WG3K@WG3K.#SMD.MD.USA.NOAM E-Mail: wg3k@... On Tuesday, August 27th, 2024 at 12:43, Chris Lance WW2BSA <Ww2bsa@...> wrote: > Hmmm...never heard of that....what is a CVE and why is it important?Chris > Ww2bsa > > -------- Original message -------- > From: "Eric H. Christensen via groups.io" <wg3k@...> > Date: 8/27/24 12:39 PM (GMT-05:00) > To: [email protected] > Subject: Re: [bpq32] BPQ32/LinBPQ vulnerability. > > We're CVEs issued for these vulnerabilities? > > 73, > Eric WG3K > FM18rp > Packet: WG3K@WG3K.#SMD.MD.USA.NOAM > E-Mail: wg3k@... > > Sent from Proton Mail Android > > > -------- Original Message -------- > On 8/27/24 09:23, John G8BPQ <john.wiseman@...> wrote: > > >? Someone has published an exploit for two buffer overflow vulnerability > >? in BPQ32/LinBPQ. > >? > >? The most serious one was fixed in 6.0.24.36 but many people may still be > >? running older versions. > >? > >? I suggest you update the the latest versions of bpq32 and linbpq > >? (6.0.24.42) from my beta download area. If you are running on Windows I > >? suggest you update BPQMail.exe and BPQChat.exe as well as bpq32.dll as > >? there may be incompatibly with older versions. > >? > >? The latest source in in my git repositories. > >? > >? I will issue a new installer for Windows a soon a possible but that may > >? take a few days. > >? > >? 73, John > >? > >? > >? > >? > >? > > > > > > > >

View All 11 Messages

#41985

Join [email protected] to automatically receive all group messages.