Date: Sat, 04 Mar 2000 10:04:00 +0000 From: Brian Somers <brian@Awfulhak.org> To: Kris Kennaway <kris@FreeBSD.ORG> Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, brian@hak.lan.Awfulhak.org Subject: Re: cvs commit: ports/mail/mh Makefile Message-ID: <200003041004.KAA07086@hak.lan.Awfulhak.org> In-Reply-To: Message from Kris Kennaway <kris@FreeBSD.ORG> of "Fri, 03 Mar 2000 22:52:43 PST." <200003040652.WAA07072@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
I think this requires USE_NMH in ports/Mk/bsd.port.mk to avoid
breaking exmh2 (and probably others).
> kris 2000/03/03 22:52:43 PST
>
> Modified files:
> mail/mh Makefile
> Log:
> Put on my security hardhat and mark this port FORBIDDEN - it has a buffer
> overflow in the MIME parsing code which is remotely exploitable via
> email. The nmh port had a similar bug which was fixed in the 1.0.2 upgrade.
>
> Because this software is apparently no longer under active development it
> may be unlikely to get fixed.
>
> Obtained from: Dan Harkless <dan-bugtraq@dilvish.speed.net> via BugTraq
>
> Revision Changes Path
> 1.16 +3 -1 ports/mail/mh/Makefile
--
Brian <brian@Awfulhak.org> <brian@[uk.]FreeBSD.org>
<http://www.Awfulhak.org>; <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200003041004.KAA07086>