Subject: pkg/19239: mail/pine is insecure
To: None <>
From: None <>
List: netbsd-bugs
Date: 12/02/2002 10:28:39
>Number:         19239
>Category:       pkg
>Synopsis:       pine<4.50 has security issues
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Dec 02 10:29:00 PST 2002
>Release:        NetBSD 1.6
System: NetBSD 1.6 NetBSD 1.6 (JCR-20020927) #3: Sat Sep 28 13:40:20 PDT 2002 i386
Architecture: i386
Machine: i386
Pine has security issues.
Messages to bugtraq confirmed that
"An attacker can send a fully legal email message with a crafted
From-header and thus forcing pine to core dump on startup."


Maybe it can be exploited.
The 4.50 version apparently fixes the problem.

Either add patch to existing pine-4.44 and add PKGREVISION;
and add to vulnerabilities:
pine<=4.44	denial-of-service

Or update to 4.50.
pine<=4.50	denial-of-service

Since the pine webpage says their are multiple bugs fixed,
it is probably a good idea to just go to 4.50 (and hope
nothing else is broken).