
New unofficial unofficial pine packages



I have updated my unofficial unofficial pine packages in response to some
security problems which have recently been discovered with pine.

A buffer overflow exists in the way unpatched versions of Pine prior to
4.57 handle the 'message/external-body' type. The Common Vulnerabilities
and Exposures project (cve.mitre.org/) has assigned the name CAN-2003-0720
to this issue.

An integer overflow exists in the Pine MIME header parsing in versions
prior to 4.57.  The Common Vulnerabilities and Exposures project
(cve.mitre.org/) has assigned the name CAN-2003-0721 to this issue.

Both of these flaws could be exploited by a remote attacker sending a
carefully crafted email to the victim that will execute arbitrary code
when the email is opened using Pine.

You can find instructions for downloading my packages at
http://www.braincells.com/open/  If you are using an earlier version
please upgrade ASAP.

One change I had to make in this version was to use the internal static
c-client lib instead of the Debian package.  I don't think it will make
any difference but if you notice any weird problems, please let me know.

-- 
Jaldhar H. Vyas <jaldhar@debian.org>
La Salle Debain - http://www.braincells.com/debian/


