Subject: pkg/22748: mail/pine should be updated -- security vulnerabilities
To: None <gnats-bugs@gnats.netbsd.org>
From: None <reed@reedmedia.net>
List: netbsd-bugs
Date: 09/11/2003 10:16:44
>Number:         22748
>Category:       pkg
>Synopsis:       mail/pine should be updated -- security vulnerabilities
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Sep 11 17:17:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     
>Release:        NetBSD 1.6.1_STABLE
>Organization:
http://bsd.reedmedia.net/
>Environment:
	
	
System: NetBSD rainier.reedmedia.net 1.6.1_STABLE NetBSD 1.6.1_STABLE (GENERIC) #0: Tue Aug 12 02:52:57 PDT 2003 reed@rainier.reedmedia.net:/usr/src/sys/arch/i386/compile/GENERIC i386
Architecture: i386
Machine: i386
>Description:
pine has security vulnerabilites; see
iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE
CAN-2003-0720: Vulnerability 1 - PINE buffer overflow in its handling
of the 'message/external-body' type.
CAN-2003-0721: Vulnerability 2 - PINE integer overflow in MIME header
parsing.

>How-To-Repeat:
	
>Fix:
add to pkg-vulnerabilities:
from our types of vulnerabilities I am not sure which matches up best.

pine<4.58	remote-code-execution	http://www.idefense.com/advisory/09.10.03.txt

PINE 4.58 fixes both of these issues

(I may update this; my version also puts config in place.)
>Release-Note:
>Audit-Trail:
>Unformatted: