Pegasus Mail & Mercury

Welcome to the Community for Pegasus Mail and
The Mercury Mail Transport System, the Internet's longest-serving PC e-mail system!
Welcome to Pegasus Mail & Mercury Sign in | Join | Help
in
Home Blogs Forums Downloads Pegasus Mail Overview Mercury Overview Wiki

The 'Heartbleed' problem and how it affects (or doesn't affect) Pegasus Mail/Mercury

Last post 04-11-2014, 4:46 by David Harris. 0 replies.
Sort Posts: Previous Next
  •  04-11-2014, 4:46

    • David Harris is not online. Last active: 10-15-2016, 17:58 David Harris
    • Top 25 Contributor
    • Joined on 01-31-2007
    • New Zealand
    • Star
    • Points 9,840
    • SystemAdministrator

    The 'Heartbleed' problem and how it affects (or doesn't affect) Pegasus Mail/Mercury

    Some of you may have read about a recently-discovered vulnerability in a product called OpenSSL that is being called the "Heartbleed bug". A good summary of this problem can be read on Brian Krebs' security blog, here:

    http://krebsonsecurity.com/2014/04/heartbleed-bug-what-can-you-do/

    Builds of Pegasus Mail earlier than v4.7 did not use OpenSSL and are completely immune to this bug.

    Pegasus Mail v4.70 uses an affected version of OpenSSL, but the problem is not serious for client implementations - only servers are seriously affected by this problem. Pegasus Mail users can continue to run the current v4.70 build of Pegasus Mail to connect to their normal e-mail servers without any practical risk of being affected by this vulnerability. That said, I have already prepared a patched version of OpenSSL that is immune to the Heartbleed bug, and will be making it available for download as soon as the test team has finished verifying that everything still works normally with it. Pegasus Mail v4.70 users should install the patched version when it becomes available as a simple matter of prudence. Pegasus Mail v4.71, which will be released in the next few weeks, will include the patched build of OpenSSL as a matter of course.

    Current builds of Mercury (anything up to and including v4.70) do not use OpenSSL and are unaffected by this problem. Mercury/32 v4.8, which is in the final stages of development at present, *does* use OpenSSL, but will be released with the patched build of OpenSSL from day one.

    So, the long and the short of it is that if you're a current user of Pegasus Mail or Mercury, then the Heartbleed bug is not a matter of significant concern to you.

    Cheers!

    -- David --

View as RSS news feed in XML

Contact | Advertise | Host provider: PraktIT | Terms of Use | Privacy Statement
Copyright © 2007-2011 David Harris / Peter Strömblad. | Pegasus Mail Home Page