Date: Mon, 28 Feb 2000 18:38:05 +0100 From: Ruud de Rooij <ruud@RUUD.ORG> Subject: nmh security update To: BUGTRAQ@SECURITYFOCUS.COM -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Versions prior to 1.0.3 of the nmh package contained a vulnerability where incoming mail messages with carefully designed MIME headers could cause nmh's mhshow command to execute arbitrary shell code. This bug has been fixed in nmh 1.0.3 and we encourage you to upgrade immediately. The fixed package is available at ftp://ftp.mhost.com/pub/nmh/nmh-1.0.3.tar.gz The MD5sum of nmh-1.0.3.tar.gz is 02519bf8f7ff8590ecfbee9f9500ea07. For the nmh authors, Ruud de Rooij. - -- ruud de rooij | ruud@ruud.org | ruud@debian.org | http://ruud.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4uq60gWpMJ0LP/ksRAohGAJ90IJAVvyF+ouPkWEFbi5bEFJrhZwCg2yoz XhNPTGQCtLHmKGcMsEuOUCE= =jZwy -----END PGP SIGNATURE-----