Date: Fri, 4 Jan 2002 22:16:38 -0500 From: Chris Johnson <cjohnson@palomine.net> To: Tim Zingelman <zingelman@fnal.gov> Cc: "Philip J. Koenig" <pjklist@ekahuna.com>, security@FreeBSD.ORG Subject: Re: Security advisory SA-02:04 typo? Message-ID: <20020104221638.A35194@palomine.net> In-Reply-To: <Pine.GSO.4.43.0201042056550.5851-100000@nova.fnal.gov>; from zingelman@fnal.gov on Fri, Jan 04, 2002 at 09:07:30PM -0600 References: <3C35F700.20238.29BF6BB@localhost> <Pine.GSO.4.43.0201042056550.5851-100000@nova.fnal.gov>
next in thread | previous in thread | raw e-mail | index | archive | help
--RnlQjJ0d97Da+TV1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jan 04, 2002 at 09:07:30PM -0600, Tim Zingelman wrote: > On Fri, 4 Jan 2002, Philip J. Koenig wrote: > > > > > > Category: ports > > > Module: mutt > > > Announced: 2002-01-04 > > > Credits: Joost Pol <joost@contempt.nl> > > > Affects: Ports collection prior to the correction date > > > Corrected: 2002-01-02 13:52:03 UTC (ports/mail/mutt: 1.2.x) > > > 2002-01-02 03:39:01 UTC (ports/mail/mutt-devel: 1.3.x) > > > FreeBSD only: NO > > > > > > I. Background > > > > > > Mutt is a small but very powerful text-based mail client for Unix > > > operating systems. > > > > > > II. Problem Description > > > > > > The mutt ports, versions prior to mutt-1.2.25_1 and > > > mutt-devel-1.3.24_2, contain a buffer overflow in the handling of > > > email addresses in headers. > > > > > > Shall I assume the "1.2.25_1" string above is a typo? Is it really > > the versions prior to 1.2.5_1? Because I would think 1.2.2x seems to > > be pretty old at this point. >=20 > This is not a typo. The FreeBSD PORT version is "1.2.25_1" indicating > that the 1.2.25 port has been updated once (to repair the security issue). > This port patches the 1.2.25 source tarball rather than using the 1.2.25.1 > source tarball. Note: 1.2.25 !=3D 1.2.5. It *is* a typo. Chris Johnson --RnlQjJ0d97Da+TV1 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8NnAVyeUEMvtGLWERAtKXAJ0dcl7cqM12EIAz6D4fu/N7eX5OoACffIbR FdAELJkWWclmlTRZO1qARYg= =vLLM -----END PGP SIGNATURE----- --RnlQjJ0d97Da+TV1-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020104221638.A35194>