Bug#348407: pine: security hole in imap support

2006-01-18 Thread Moritz Muehlenhoff
Santiago Vila wrote: > How exactly this is dangerous in *pine*? (not in the IMAP server) The problem is that we have another case of an embedded code copy, something we should get rid of for Etch for as many packages as possible. > You gain access to the system if you are running pine? That would

Bug#348407: pine: security hole in imap support

2006-01-17 Thread Stephen Gran
This one time, at band camp, Santiago Vila said: > On Mon, 16 Jan 2006, Will Lowe wrote: > > > Package: pine > > Version: 4.62-1 > > Severity: grave > > Justification: user security hole > > > > http://www.washington.edu/pine/ says: > > > > Note: Install Pine 4.64, or later version, to fix a buf

Bug#348407: pine: security hole in imap support

2006-01-17 Thread Will Lowe
I believe that a malicious IMAP server can gain access to the local system (where Pine is running). Agree that non-free sucks, but wanted to point the problem out since I'm sure a lot of folks are using our pine and pine-tracker packages. On Wed, Jan 18, 2006 at 02:04:53AM +0100, Santiago Vila w

Bug#348407: pine: security hole in imap support

2006-01-17 Thread Santiago Vila
On Mon, 16 Jan 2006, Will Lowe wrote: > Package: pine > Version: 4.62-1 > Severity: grave > Justification: user security hole > > http://www.washington.edu/pine/ says: > > Note: Install Pine 4.64, or later version, to fix a buffer overflow > problem. Read iDEFENSE Security Advisory for full deta

Bug#348407: pine: security hole in imap support

2006-01-16 Thread Will Lowe
Package: pine Version: 4.62-1 Severity: grave Justification: user security hole http://www.washington.edu/pine/ says: Note: Install Pine 4.64, or later version, to fix a buffer overflow problem. Read iDEFENSE Security Advisory for full details. The advisory is here: http://www.idefense.com/inte