List:       suse-security
Subject:    PINE and holes
From:       Tobias Burnus <burnus () gmx ! de>
Date:       2000-10-31 20:21:06

Hi,

FreeBSD has recently issued two security warnings concerning PINE 4.21:
SA-00:47: pine4 port allows denial of service
SA-00:59: pine4 port contains remote vulnerability
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:47.pine.asc
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Fthreads%3D0%26end%3D2000-11-04%26fromthread%3D0%26mid%3D142048%26list%3D1%26start%3D2000-10-29%26

and on the pine site they claim that they fixed these security related
bugs in 4.30.
> Bugs that have been addressed in this release include:
> 
> * Incoming mail with an extremely long From address can cause a
> buffer overflow on the stack (security)
> * X-Keywords crash for unix formatted mailboxes
> * Pine crashes when replying to or forwarding messages with certain
> types of attachments

Can we expect an update, or is SuSE's 4.21-123 not vulnerable to either
bug?

Tobias

