Subject: pkg/22748: mail/pine should be updated -- security vulnerabilities
To: None <gnats-bugs@gnats.netbsd.org>
From: None <reed@reedmedia.net>
List: netbsd-bugs
Date: 09/11/2003 10:16:44
>Number: 22748
>Category: pkg
>Synopsis: mail/pine should be updated -- security vulnerabilities
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Thu Sep 11 17:17:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:
>Release: NetBSD 1.6.1_STABLE
>Organization:
http://bsd.reedmedia.net/
>Environment:
System: NetBSD rainier.reedmedia.net 1.6.1_STABLE NetBSD 1.6.1_STABLE (GENERIC) #0: Tue Aug 12 02:52:57 PDT 2003 reed@rainier.reedmedia.net:/usr/src/sys/arch/i386/compile/GENERIC i386
Architecture: i386
Machine: i386
>Description:
pine has security vulnerabilites; see
iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE
CAN-2003-0720: Vulnerability 1 - PINE buffer overflow in its handling
of the 'message/external-body' type.
CAN-2003-0721: Vulnerability 2 - PINE integer overflow in MIME header
parsing.
>How-To-Repeat:
>Fix:
add to pkg-vulnerabilities:
from our types of vulnerabilities I am not sure which matches up best.
pine<4.58 remote-code-execution http://www.idefense.com/advisory/09.10.03.txt
PINE 4.58 fixes both of these issues
(I may update this; my version also puts config in place.)
>Release-Note:
>Audit-Trail:
>Unformatted: