Bugtraq mailing list archives
cvs commit: ports/mail/pine4 Makefile (fwd)
From: Kris Kennaway <kris () FREEBSD ORG>
Date: Fri, 29 Sep 2000 00:33:31 -0700
It almost killed me to see this: mollari# find pine4.21 -type f | xargs egrep '(sprintf|strcpy|strcat)' | wc -l 4299 Don't use pine - I don't believe it is practical to make it secure. :-( Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe <forsythe () alum mit edu> ---------- Forwarded message ---------- Date: Fri, 29 Sep 2000 00:28:48 -0700 (PDT) From: Kris Kennaway <kris () FreeBSD org> To: cvs-committers () FreeBSD org, cvs-all () FreeBSD org Subject: cvs commit: ports/mail/pine4 Makefile kris 2000/09/29 00:28:48 PDT Modified files: mail/pine4 Makefile Log: Mark FORBIDDEN: known buffer overflows exploitable by remote email. Parenthetically, no software which uses 4299 sprintf/strcpy/strcat calls can possibly be safe - I don't expect to remove this FORBIDDEN tag any time soon. :-( Revision Changes Path 1.43 +3 -1 ports/mail/pine4/Makefile
Current thread:
- cvs commit: ports/mail/pine4 Makefile (fwd) Kris Kennaway (Sep 29)