[LWN Logo]

Date:         Mon, 28 Feb 2000 18:38:05 +0100
From: Ruud de Rooij <ruud@RUUD.ORG>
Subject:      nmh security update
To: BUGTRAQ@SECURITYFOCUS.COM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Versions prior to 1.0.3 of the nmh package contained a vulnerability
where incoming mail messages with carefully designed MIME headers could
cause nmh's mhshow command to execute arbitrary shell code.

This bug has been fixed in nmh 1.0.3 and we encourage you to upgrade
immediately.  The fixed package is available at

  ftp://ftp.mhost.com/pub/nmh/nmh-1.0.3.tar.gz

The MD5sum of nmh-1.0.3.tar.gz is 02519bf8f7ff8590ecfbee9f9500ea07.

For the nmh authors,

Ruud de Rooij.
- --
ruud de rooij | ruud@ruud.org | ruud@debian.org | http://ruud.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE4uq60gWpMJ0LP/ksRAohGAJ90IJAVvyF+ouPkWEFbi5bEFJrhZwCg2yoz
XhNPTGQCtLHmKGcMsEuOUCE=
=jZwy
-----END PGP SIGNATURE-----