Date: Sat, 04 Mar 2000 23:32:59 +0900 From: Masafumi NAKANE <max@wide.ad.jp> To: asami@FreeBSD.org Cc: ports@FreeBSD.org Subject: japanese/pine [was Re: BROKEN_ELF ports] Message-ID: <87putahkkk.wl@fr.aslm.rim.or.jp> In-Reply-To: In your message of "01 Mar 2000 01:50:27 -0800" <vqcog8zaujg.fsf@silvia.hip.berkeley.edu> References: <200002252252.OAA54252@silvia.hip.berkeley.edu> <87bt54ptye.wl@fr.aslm.rim.or.jp> <vqc9003mq61.fsf@silvia.hip.berkeley.edu> <87og8zo1c5.wl@fr.aslm.rim.or.jp> <vqcog8zaujg.fsf@silvia.hip.berkeley.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi,
I looked at japanese/pine a bit more closely. One of the things I've
been concerned about was it uses japanese/mimekit, whose source is now
included in net/delegate's distfile, which is known to be insecure.
As I looked at mimekit source code, sprintf() is used in more than
just a few places. Since I haven't looked at the code too closely,
I'm not so sure if they immediately cause security problems, but I
have a feeling they probably would.
Because of this, I'm now inclined to remove mimekit and ja-pine unless
someone else would like to maintain them, of course after modifying
them to be secure.
Any comments?
Cheers,
Max
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?87putahkkk.wl>