d/sec-pine

To: redhat-announce-list@redhat.com
Subject: pine-4.10-3 - security update
From: Simon Liddington <sjl96v@ecs.soton.ac.uk>
Date: 09 Feb 1999 17:48:00 +0000


Here we go again. If only I had released this a week later ;->

A remote exploit has been found in pine and a patch was posted on
BUGTRAQ by "Terence C. Haddock" <thaddock@POBOXES.COM>. I have added
this patch to my rpms 'as is'.

DISCLAIMER: I make no guarantee about the security of these rpms.

Uploaded to incoming.redhat.com:/libc6, also available from
ftp://rayleigh.ecs.soton.ac.uk/pub until they are moved to contrib.

Name        : pine                        Distribution: (none)
Version     : 4.10                              Vendor: (none)
Release     : 3                             Build Date: Tue Feb  9 16:47:17 1999
Install date: Tue Feb  9 17:28:37 1999      Build Host: rayleigh.ecs.soton.ac.uk
Group       : Applications/Mail             Source RPM: pine-4.10-3.src.rpm
Size        : 3508597                     Architecture: i386
License     : distributable
Packager    : Simon Liddington <sjl96v@ecs.soton.ac.uk>
URL         : http://www.washington.edu/pine
Summary     : MIME compliant mail reader w/ news support as well
Description :
Pine is a very full featured text based mail and news client. It is
aimed at both novice and expert users. It includes an easy to use editor,
pico, for composing messages. Pico has gained popularity as a stand
alone text editor in it's own right. It features MIME support, address
books, and support for IMAP, mail, and MH style folders.
* Tue Feb 09 1999 Simon Liddington <sjl96v@ecs.soton.ac.uk>

- fixed glibc patch which had lost bits in upgrade to 4.10
- added patch by "Terence C. Haddock" <thaddock@POBOXES.COM> posted on BUGTRAQ to fix remote exploit hole

* Mon Feb 08 1999 Simon Liddington <sjl96v@ecs.soton.ac.uk>

- added patch from Charles R. Anderson <cra@angus.ind.WPI.EDU> to (possibly) fix resizing bug

* Fri Feb 05 1999 Simon Liddington <sjl96v@ecs.soton.ac.uk>

- upgrade to 4.10

* Tue Feb 02 1999 Simon Liddington <sjl96v@ecs.soton.ac.uk>

- added a patch to make sure X-Sender gets set with real login name
- added a patch to include user_id in configurable options under UNIX
- added patch to do pretty colours

* Fri Oct 09 1998 Cristian Gafton <gafton@redhat.com>

- use termios instead of termio (patch used to be in here...)
- use terminfo instead of termcap and link against ncurses instead of termcap
- supply -lcrypt as a standard lib

-- 
-----------------------------------------------------------------------
| Simon Liddington                 |                                  |
| E-Mail : sjl96v@ecs.soton.ac.uk  |  Tel (work) : +44 (0)1703 592422 |
-----------------------------------------------------------------------


-- 
To unsubscribe:
mail -s unsubscribe redhat-announce-list-request@redhat.com < /dev/null