Changes between Initial Version and Version 1 of release-notes/1.6.2


Timestamp: Jul 27, 2010, 10:44:00 PM
Author: nelhage@mit.edu
  • release-notes/1.6.2

    v1 v1  
     1{{{
     2
     3The BarnOwl Developers are pleased to announce the release of BarnOwl
     4version 1.6.2. BarnOwl 1.6.2 is a security release on top of BarnOwl
     51.6.1.
     6
     7It has been installed in the Athena locker, and you can download it
     8from the website [1] or get the source from Github [2].
     9
     10BarnOwl 1.6.2 fixes a bug where BarnOwl did not check the return code
     11from certain libzephyr functions, which could be remotely exploited to
     12crash BarnOwl or potentially execute arbitrary code
     13(CVE-2010-2725). This bug affects all previous versions of BarnOwl, as
     14well as the owl client BarnOwl is based on.
     15
     16In addition, BarnOwl 1.6.2 improves BarnOwl's handling of its debug
     17log. In all previous versions of BarnOwl, the debug log, which
     18contains potentially sensitive data, was written to a
     19'/var/tmp/owldebug' file with default permissions. BarnOwl 1.6.2
     20writes to /var/tmp/barnowl.$PID, sets strict permissions, and
     21otherwise takes appropriate precautions to prevent hijacking of the
     22log file.
     23
     24The full Changelog is available online [3].
     25
     26Thank you for using BarnOwl, and we hope you enjoy the new release. As
     27usual, any bug reports, questions, or feature requests can be directed
     28to the developers at <barnowl@mit.edu>.
     29
     30- Nelson Elhage
     31for the BarnOwl developers
     32
     33[1] http://barnowl.mit.edu/wiki/Download/
     34[2] http://github.com/barnowl/barnowl/
     35[3] http://github.com/barnowl/barnowl/blob/barnowl-1.6.2/ChangeLog
     36}}}
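
Review bot: The debug-log paragraph (lines 16-22) says 1.6.2 "sets strict permissions, and otherwise takes appropriate precautions" without naming them. For a security release, state the file mode and how the file is created so administrators can check the result on their own hosts. Also say what to do with an existing /var/tmp/owldebug left behind by earlier versions, since the notes say it was written with default permissions and contains potentially sensitive data. The CVE-2010-2725 paragraph (lines 10-14) states that the original owl client is affected too but gives those users no guidance; a sentence pointing them at an upgrade path would close that gap.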