pine URL-handling code exploit and Debian

To: debian-security@lists.debian.org
Subject: pine URL-handling code exploit and Debian
From: "Thomas Gebhardt" <gebhardt@HRZ.Uni-Marburg.DE>
Date: Mon, 28 Jan 2002 18:23:00 +0100
Message-id: <[🔎] 200201281723.g0SHN04Z013538@pcrz175.HRZ.Uni-Marburg.DE>

Hi,

I wonder whether there will be an advisory on the pine URL-handling code
exploit? (http://www.washington.edu/pine/pine-info/2002.01/msg00042.html).
This is a pretty serious security bug within pine.

Yes, I know about the special status of pine within Debian.
This makes it rather tricky to say "Debian Rel. x is vulnerable"
or vice versa. But it would be nice to have a handout for the
sysadmins about what to do. Users tend to like pine even if the
sysads do not, so you cannot simply remove pine from your servers.

Thanks, Thomas

Reply to:

Prev by Date: Re: [d-security] Securing /var/log/{lastlog,wtmp}
Next by Date: Re: [d-security] Securing /var/log/{lastlog,wtmp}
Previous by thread: Re: [d-security] Securing /var/log/{lastlog,wtmp}
Next by thread: ScanMail Message: To Recipient virus found and action taken.
Index(es):
- Date
- Thread