From owner-freebsd-security Fri Jan 4 18:49:31 2002
Delivered-To: freebsd-security@freebsd.org
Received: from empty1.ekahuna.com (empty1.ekahuna.com [198.144.200.196]) by hub.freebsd.org (Postfix) with ESMTP id 5B9E637C01C for ; Fri, 4 Jan 2002 18:40:00 -0800 (PST)
Received: from pc-02 (pc02.ekahuna.com [198.144.200.197]) by empty1.ekahuna.com (Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35) with ESMTP id com for ; Fri, 4 Jan 2002 18:39:59 -0800
From: "Philip J. Koenig"
Organization: The Electric Kahuna Organization
To: security@FreeBSD.ORG
Date: Fri, 4 Jan 2002 18:40:00 -0800
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Security advisory SA-02:04 typo?
Reply-To: pjklist@ekahuna.com
Message-ID: <3C35F700.20238.29BF6BB@localhost>
X-mailer: Pegasus Mail for Win32 (v3.12c)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

I got this today:

>=== FreeBSD-SA-02:04 Security Advisory FreeBSD, Inc.
>
> Topic: mutt ports contain remotely exploitable buffer overflow
>
> Category: ports
> Module: mutt
> Announced: 2002-01-04
> Credits: Joost Pol
> Affects: Ports collection prior to the correction date
> Corrected: 2002-01-02 13:52:03 UTC (ports/mail/mutt: 1.2.x)
>            2002-01-02 03:39:01 UTC (ports/mail/mutt-devel: 1.3.x)
> FreeBSD only: NO
>
> I. Background
>
> Mutt is a small but very powerful text-based mail client for Unix
> operating systems.
>
> II. Problem Description
>
> The mutt ports, versions prior to mutt-1.2.25_1 and
> mutt-devel-1.3.24_2, contain a buffer overflow in the handling of
> email addresses in headers.

Shall I assume the "1.2.25_1" string above is a typo? Is it really the
versions prior to 1.2.5_1? Because I would think 1.2.2x seems to be
pretty old at this point.

Phil

--
Philip J. Koenig pjklist@ekahuna.com
Electric Kahuna Systems -- Computers & Communications for the New Millenium

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message