From owner-freebsd-security Mon Sep 18 9:39:16 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 40E2637B423; Mon, 18 Sep 2000 09:39:13 -0700 (PDT) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id JAA77029; Mon, 18 Sep 2000 09:39:13 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Mon, 18 Sep 2000 09:39:13 -0700 (PDT) From: Kris Kennaway To: Igor Roshchin Cc: security-advisories@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: FreeBSD Ports Security Advisory: FreeBSD-SA-00:47.pine In-Reply-To: <200009181629.MAA16045@giganda.komkon.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 18 Sep 2000, Igor Roshchin wrote: > > Would somebody, please, clarify if the older > pine3 port is also vulnerable ? > I know that it is no longer supported in the ports collection, > but it is still being used. > Since pine3 port is not formally a pine4 port, although > its version is before 4.21, it is not clear if this bug > existed since the 3.xx period or it was introduced in 4.xx > version. I have no idea - but you definitely should not be using pine3, there were many security bugs with that version - details escape me, but I think they included remotely exploitable buffer overflows. Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message