Bugtraq mailing list archives

[Announce] mutt-1.0pre3 is out / security fix.

From: roessler () GUUG DE (Thomas Roessler)
Date: Sat, 25 Sep 1999 09:39:02 +0200


Mutt 1.0pre3 is out.  This is another version from the release
candidate series.  The reason for immediately releasing this version
is a buffer overflow in the text/enriched handler which can be
triggered by means of suitably-formatted e-mail messages.  Thus, we
recommend you upgrade your mutt installations immediately.

If a complete upgrade to the new mutt version is not an option for
you, please apply the patch which can be found under the following
URL:

ftp://ftp.mutt.org/pub/mutt/patch-0.96.6i.tlr.text_enriched.1

Download information
====================

You can retrieve the distribution files from the following sites:

     * ftp://ftp.mutt.org/pub/mutt/ (primary site)
     * ftp://ftp.guug.de/pub/mutt/  (same machine, different host name)
     * ftp://riemann.iam.uni-bonn.de/pub/mutt/
     * ftp://ftp.gbnet.net/pub/mutt-international/
     * ftp://ftp.fu-berlin.de/pub/unix/mail/mutt/
     * ftp://ftp.gwdg.de/pub/unix/mail/mutt/international/
     * ftp://ftp.iks-jena.de/pub/mitarb/lutz/crypt/software/pgp/mutt/
     * ftp://uiarchive.cso.uiuc.edu/pub/packages/mail/mutt/
     * ftp://ftp.lip6.fr/pub/unix/mail/mutt/
     * ftp://ftp.42.org/pub/unix/mail/mutt/
     * ftp://gd.tuwien.ac.at/infosys/mail/mutt/
     * ftp://ftp.demon.co.uk/pub/mirrors/mutt/
     * ftp://ftp.ntua.gr/pub/net/mail/mutt/
     * ftp://ftp.cdrom.com/pub/unixfreeware/email/mutt/
     * ftp://ftp.kfki.hu/pub/packages/mail/mutt/
     * ftp://sunsite.uio.no/pub/mail/mutt/
     * ftp://pgp.rasip.fer.hr/pub/mutt/
     * ftp://ftp.arch.pwr.wroc.pl/pub/mutt/
     * ftp://ftp.uib.no/pub/mutt/
     * ftp://ftp.spyda.net/pub/mutt/
     * ftp://ftp.linux.it/pub/mirrors/mutt/
     * ftp://ftp.funet.fi/pub/unix/mail/mutt/

Most of the mirror sites will need some hours to fetch the new
version.     

Checksums
=========

The following checksums have been generated using the md5sum(1)
utility.  Note that, for the tar balls, detached PGP signatures are
available.

26bdd3ac6c70ed9215c7a7ba2deb10a6  diff-1.0pre2-1.0pre3.gz
20fa60e133ae10a2d4796c55968929c0  diff-1.0pre2i-1.0pre3i.gz
9095588285cc4cb5ca630b030e76543a  mutt-1.0pre3.tar.gz
11d65ce99f5eff0a0b4670c2d6b30579  mutt-1.0pre3i.tar.gz

<!-- attachment="bin0a28624" -->
<HR>
<UL>
<LI>application/pgp-signature attachment: stored
</UL>

Current thread:

SCO 5.0.5 /bin/doctor nightmare Brock Tellier (Sep 08)
- Several ActiveX Buffer Overruns Shane Hird (Sep 23)
- Re: QMS2060 security hole Frank Bures (Sep 24)
- [Announce] mutt-1.0pre3 is out / security fix. Thomas Roessler (Sep 25)
- DoS Exploit in Eicon Diehl LAN ISDN Modem Björn Stickler (Sep 26)