Patches and occasional updates to Pegasus Mail and Mercury are provided from time to
time to address problems or add minor features outside our normal development cycle.
Patches do not have an installer - you need to be handy with a ZIP utility such as WinZIP
to install them. In general, we recommend that only reasonably experienced users install
patch versions on their systems. Patches are currently stored on our Maine, USA server
only. To retrieve a patch, simply click on its link.
|
Mercury/32
v4.01c Security patch for MercuryS AUTH
CRAM-MD5
vulnerability
(Aug 2007, 90Kb)
|
|
|
This patch corrects a vulnerability in
the MercuryS SMTP server where a maliciously
constructed AUTH command could cause buffer
overflows and potentially compromise your
machine. You must be running Mercury/32
patched to v4.01b before installing this
patch. All sites using MercuryS exposed
to the open Internet should regard this
patch as mandatory. Note: we strongly advise
you to upgrade to Mercury/32 v4.52 instead
of installing this patch into a v4.01 system.
You MUST NOT attempt to install this patch
on a v4.5 system.
|
|
|
|
Mercury/NLM
v1.49 Security patch for MercuryS AUTH CRAM-MD5
vulnerability
(Aug 2007, 90Kb)
|
|
|
This patch corrects a vulnerability in
the MercuryS SMTP server where a maliciously
constructed AUTH command could cause buffer
overflows and potentially compromise your
machine. All sites using MercuryS exposed
to the open Internet should regard this
patch as mandatory.
|
|
|
|
Mercury/32
v4.01c Security patch for MercuryI "literal"
vulnerability
(May 2007, 90Kb)
|
|
|
This patch corrects a vulnerability and
addresses some memory leaks in the MercuryI
IMAP server. You must be running Mercury/32
patched to v4.01b before installing this
patch. All sites using IMAP servers exposed
to the open Internet should regard this
patch as mandatory. Note: we strongly advise
you to upgrade to Mercury/32 v4.52 instead
of installing this patch into a v4.01 system.
|
|
|
|
Mercury/32
Security patches for MercuryW and MercuryH
(Jan 2006, 120Kb)
|
|
|
This patch corrects vulnerabilities in
the MercuryH PH Server and MercuryW PopPass
server that could result in affected systems
being compromised. All sites running Mercury
v4.01a, v4.01b or a v4.10 beta and using
these modules should regard this upgrade
as mandatory.
|
|
|
|
Mercury/32
V4.01a to Mercury/32 v4.01b, 1.3MB
|
|
|
This patch will upgrade an existing Mercury/32
v4.01a installation to v4.01b; it can only
be used to ugprade from v4.01a, not from
earlier versions. See the file called README.TXT
in the archive for installation instructions.
|
|
|
|
|
Pegasus
Mail v4.21a or v4.21b to Pegasus Mail v4.21c, 1.3MB
|
|
|
This patch will upgrade an existing Pegasus
Mail v4.21a or v4.21b installation to v4.21c; it can
only be used to upgrade v4.21a or v4.21b
- not earlier versions: you must
not attempt to use it to upgrade any earlier
version of the program. See the file called
README.TXT in the archive for installation
instructions.
|