New unofficial unofficial pine packages

I have updated my unofficial unofficial pine packages in response to some
security problems which have recently been discovered with pine.

A buffer overflow exists in the way unpatched versions of Pine prior to
4.57 handle the 'message/external-body' type. The Common Vulnerabilities
and Exposures project (cve.mitre.org/) has assigned the name CAN-2003-0720
to this issue.

An integer overflow exists in the Pine MIME header parsing in versions
prior to 4.57. The Common Vulnerabilities and Exposures project
(cve.mitre.org/) has assigned the name CAN-2003-0721 to this issue.

Both of these flaws could be exploited by a remote attacker sending a
carefully crafted email to the victim that will execute arbitrary code
when the email is opened using Pine.

You can find instructions for downloading my packages at
http://www.braincells.com/open/ If you are using an earlier version
please upgrade ASAP.

One change I had to make in this version was to use the internal static
c-client lib instead of the Debian package. I don't think it will make
any difference but if you notice any weird problems, please let me know.

--
Jaldhar H. Vyas <jaldhar@debian.org>
La Salle Debain - http://www.braincells.com/debian/