Package: pine
Version: 4.62-1
Severity: grave
Justification: user security hole

http://www.washington.edu/pine/ says:

    Note: Install Pine 4.64, or later version, to fix a buffer overflow
    problem. Read iDEFENSE Security Advisory for full details.

The advisory is here:

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=313

Pine appears to use the UW-IMAP client-side IMAP library, which has a bug that allows access to the system by the user running Pine.

The version of Pine shipped in Sarge is 4.62 and I've seen no security-related release to address this issue. I realize that Pine is in non-free but we're leaving our users out to dry here ...

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.13
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages pine depends on:
ii  libc6         2.3.2.ds1-22    GNU C Library: Shared libraries an
ii  libldap2      2.1.30-8        OpenLDAP libraries
ii  libncurses5   5.4-4           Shared libraries for terminal hand
ii  libssl0.9.7   0.9.7e-3sarge1  SSL shared libraries
ii  mime-support  3.28-1          MIME files 'mime.types' & 'mailcap

-- no debconf information

--
Will