Re: The so-called "remote exploit in pine"
On Fri, Feb 12, 1999 at 06:30:45PM +0000, Edward John M. Brocklesby wrote:
> Ysgrifennodd sanvila@unex.es ar Fri, Feb 12, 1999 at 02:18:54PM +0100:
> > severity 33099 normal
> > severity 33210 normal
> > reassign 33099 general
> > reassign 33210 general
> > merge 33099 33210
> >
> > I have been unable to reproduce the problem reported in Bug#33099.
> >
> > If I'm not mistaken, to deal with this we would have to check that all our
> > printcap entries are safe (hence the "general" reassignement).
> >
> > I will let the Debian security experts to decide about the severity of
> > these bugs (previously 33099 was "critical" and 33210 "normal").
>
> I suggest that bug 33099 be severity 'important'. I have found at least two
> people on #debian-devel who report having the problematic line in
> /etc/mailcap, and thus they are vulnerable to the problem if they a) run the
> unpatched pine or b) run another mailer with the same problem (or metamail?).
>
> I was unable to assertain the package that installed this line into
> /etc/mailcap.
I suspect metamail is at fault.
Dan
/--------------------------------\ /--------------------------------\
| Daniel Jacobowitz |__| CMU, CS class of 2002 |
| Debian GNU/Linux Developer __ Part-Time Systems Programmer |
| dan@debian.org | | drow@cs.cmu.edu |
\--------------------------------/ \--------------------------------/
Reply to: