mailing list archives
Re: MDKSA-2000:073 - pine update
From: Kris Kennaway <kris () FREEBSD ORG>
Date: Tue, 21 Nov 2000 23:57:47 -0800
On Mon, Nov 20, 2000 at 06:19:42PM -0700, Linux Mandrake Security Team wrote:
By adding specific headers to messages, the pine mail reader could be
made to exit with an error message when users attempted to manipulate
mail folders containing those messages.
The most recent problem was worse than that; remote code
execution. This seems to describe an older vulnerability in pine.
See the following advisories for reference, on
-rw-r--r-- 1 1001 207 4196 Sep 17 08:51 FreeBSD-SA-00:47.pine.asc
-rw-r--r-- 1 1001 207 4136 Oct 30 23:04 FreeBSD-SA-00:59.pine.asc