On Wed, 13 Apr 2005, Joey Hess wrote:
> Package: pine
> Severity: normal
> Tags: security
>
> I've verified that the rpdump.c included in the pine source package is
> vulnerable to the symlink attack described here:
> http://msgs.securepoint.com/cgi-bin/get/bugtraq0504/126.html
>
> I don't see rpdump being put in any of the binary packages, but I did
> not build them to check, so I'm leaving this bug's severity at normal.
> If rpdump is shipped in a binary, then the bug should be release
> critical.

Only two executables produced by the pine source package are actually included in binary packages, namely /usr/bin/pine in package pine and /usr/bin/pilot in package pilot. I do not consider it my duty as pine maintainer to maintain dead code (which is not shipped in any binary package) which is also non-free.

Do you want me to write the above in some sort of readme so that it's clear for everybody, or may I close this report directly?