Subject: Re: What to do about unfixed vulnerabilities?
To: Hubert Feyrer <firstname.lastname@example.org>
From: Trevor Johnson <email@example.com>
Date: 10/23/2000 14:33:59
Hubert Feyrer wrote:
> On Mon, 23 Oct 2000, Paul Hoffman wrote:
> > Package pine-4.21 has a denial-of-service vulnerability,
> > see http://www.securityfocus.com/advisories/2646
> > Yes, but pine-4.21 is the current version of pine.
> IIRC the problem is fixed in pine-4.21nb1.
I notice this in FreeBSD's ports/mail/pine4/Makefile,v:
@Mark FORBIDDEN: known buffer overflows exploitable by remote email.
Parenthetically, no software which uses 4299 sprintf/strcpy/strcat
calls can possibly be safe - I don't expect to remove this FORBIDDEN
tag any time soon. :-(