Subject: Re: What to do about unfixed vulnerabilities?
To: Hubert Feyrer <>
From: Trevor Johnson <>
List: tech-pkg
Date: 10/23/2000 14:33:59

Hubert Feyrer wrote:

> On Mon, 23 Oct 2000, Paul Hoffman wrote:
> >      Package pine-4.21 has a denial-of-service vulnerability,
> >      see
> > 
> > Yes, but pine-4.21 is the current version of pine.
> IIRC the problem is fixed in pine-4.21nb1.

I notice this in FreeBSD's ports/mail/pine4/Makefile,v:

@Mark FORBIDDEN: known buffer overflows exploitable by remote email.
Parenthetically, no software which uses 4299 sprintf/strcpy/strcat
calls can possibly be safe - I don't expect to remove this FORBIDDEN
tag any time soon. :-(

Trevor Johnson