Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

cvs commit: ports/mail/pine4 Makefile (fwd)

From: Kris Kennaway <kris () FREEBSD ORG>
Date: Fri, 29 Sep 2000 00:33:31 -0700
It almost killed me to see this:

mollari# find pine4.21 -type f | xargs egrep '(sprintf|strcpy|strcat)' | wc -l
    4299

Don't use pine - I don't believe it is practical to make it secure. :-(

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe () alum mit edu>

---------- Forwarded message ----------
Date: Fri, 29 Sep 2000 00:28:48 -0700 (PDT)
From: Kris Kennaway <kris () FreeBSD org>
To: cvs-committers () FreeBSD org, cvs-all () FreeBSD org
Subject: cvs commit: ports/mail/pine4 Makefile

kris        2000/09/29 00:28:48 PDT

  Modified files:
    mail/pine4           Makefile
  Log:
  Mark FORBIDDEN: known buffer overflows exploitable by remote email.

  Parenthetically, no software which uses 4299 sprintf/strcpy/strcat
  calls can possibly be safe - I don't expect to remove this FORBIDDEN
  tag any time soon. :-(

  Revision  Changes    Path
  1.43      +3 -1      ports/mail/pine4/Makefile
Previous By Date Next
Previous By Thread Next

Current thread: