Date: Fri, 4 Jan 2002 21:07:30 -0600 (CST) From: Tim Zingelman <zingelman@fnal.gov> To: "Philip J. Koenig" <pjklist@ekahuna.com> Cc: security@FreeBSD.ORG Subject: Re: Security advisory SA-02:04 typo? Message-ID: <Pine.GSO.4.43.0201042056550.5851-100000@nova.fnal.gov> In-Reply-To: <3C35F700.20238.29BF6BB@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 4 Jan 2002, Philip J. Koenig wrote: > >=== FreeBSD-SA-02:04 Security Advisory FreeBSD, Inc. > > > > Topic: mutt ports contain remotely exploitable buffer overflow > > > > Category: ports > > Module: mutt > > Announced: 2002-01-04 > > Credits: Joost Pol <joost@contempt.nl> > > Affects: Ports collection prior to the correction date > > Corrected: 2002-01-02 13:52:03 UTC (ports/mail/mutt: 1.2.x) > > 2002-01-02 03:39:01 UTC (ports/mail/mutt-devel: 1.3.x) > > FreeBSD only: NO > > > > I. Background > > > > Mutt is a small but very powerful text-based mail client for Unix > > operating systems. > > > > II. Problem Description > > > > The mutt ports, versions prior to mutt-1.2.25_1 and > > mutt-devel-1.3.24_2, contain a buffer overflow in the handling of > > email addresses in headers. > > > Shall I assume the "1.2.25_1" string above is a typo? Is it really > the versions prior to 1.2.5_1? Because I would think 1.2.2x seems to > be pretty old at this point. This is not a typo. The FreeBSD PORT version is "1.2.25_1" indicating that the 1.2.25 port has been updated once (to repair the security issue). This port patches the 1.2.25 source tarball rather than using the 1.2.25.1 source tarball. The latest stable version of mutt available from www.mutt.org is 1.2.25.1, and it also has the security fix. - Tim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.43.0201042056550.5851-100000>