From owner-freebsd-ports  Sat Mar  4  6:37:32 2000
Delivered-To: freebsd-ports@freebsd.org
Received: from ns11.rim.or.jp (ns11.rim.or.jp [202.247.130.230])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6FB7F37B574; Sat,  4 Mar 2000 06:37:28 -0800 (PST)
	(envelope-from max@wide.ad.jp)
Received: from rayearth.rim.or.jp (rayearth.rim.or.jp [202.247.130.242]) by ns11.rim.or.jp (8.8.8/3.5Wpl2-ns11/RIMNET-2) with ESMTP
	id XAA28385; Sat, 4 Mar 2000 23:37:10 +0900 (JST)
Received: (from uucp@localhost) by rayearth.rim.or.jp (8.8.8/3.5Wpl2-uucp1/RIMNET) with UUCP
	id XAA11861; Sat, 4 Mar 2000 23:37:09 +0900 (JST)
Received: from fr.aslm.rim.or.jp (fr.aslm.rim.or.jp [192.168.1.2]) by mail.aslm.rim.or.jp (8.9.3/3.5Wpl3-SMTP) with ESMTP id XAA47617; Sat, 4 Mar 2000 23:33:48 +0900 (JST)
Date: Sat, 04 Mar 2000 23:32:59 +0900
Message-ID: <87putahkkk.wl@fr.aslm.rim.or.jp>
From: Masafumi NAKANE <max@wide.ad.jp>
To: asami@FreeBSD.org
Cc: ports@FreeBSD.org
Subject: japanese/pine [was Re: BROKEN_ELF ports]
In-Reply-To: In your message of "01 Mar 2000 01:50:27 -0800"
	<vqcog8zaujg.fsf@silvia.hip.berkeley.edu>
References: <200002252252.OAA54252@silvia.hip.berkeley.edu>
	<87bt54ptye.wl@fr.aslm.rim.or.jp>
	<vqc9003mq61.fsf@silvia.hip.berkeley.edu>
	<87og8zo1c5.wl@fr.aslm.rim.or.jp>
	<vqcog8zaujg.fsf@silvia.hip.berkeley.edu>
User-Agent: Wanderlust/2.2.18 (Please Forgive Me) REMI/1.14.0 (Uragawara) FLIM/1.13.2 (Kasanui) APEL/10.1 Emacs/20.5 (i386--freebsd) MULE/4.0 (HANANOEN)
X-PGP-Fingerprint: EB40 BCAB 4CE5 0764 9942  378C 9596 159E CE35 6B59
X-ICQ-UIN: 46494717
MIME-Version: 1.0 (generated by REMI 1.14.0 - "Uragawara")
Content-Type: text/plain; charset=US-ASCII
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

I looked at japanese/pine a bit more closely.  One of the things I've
been concerned about was it uses japanese/mimekit, whose source is now
included in net/delegate's distfile, which is known to be insecure.

As I looked at mimekit source code, sprintf() is used in more than
just a few places.  Since I haven't looked at the code too closely,
I'm not so sure if they immediately cause security problems, but I
have a feeling they probably would.

Because of this, I'm now inclined to remove mimekit and ja-pine unless
someone else would like to maintain them, of course after modifying
them to be secure.

Any comments?

     Cheers,
Max


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message