Date: Sat, 5 Jan 2002 06:04:26 +0000 From: "Aleksandar Simic'" <alex@frustum.clara.co.uk> To: security@FreeBSD.ORG Subject: Re: Security advisory SA-02:04 typo? Message-ID: <20020105060426.A9217@frustum.clara.co.uk> In-Reply-To: <3C35F700.20238.29BF6BB@localhost>; from pjklist@ekahuna.com on Fri, Jan 04, 2002 at 06:40:00PM -0800 References: <3C35F700.20238.29BF6BB@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 04, 2002 at 06:40:00PM -0800, Philip J. Koenig wrote: [...] > > The mutt ports, versions prior to mutt-1.2.25_1 and > > mutt-devel-1.3.24_2, contain a buffer overflow in the handling of > > email addresses in headers. > > > Shall I assume the "1.2.25_1" string above is a typo? Is it really > the versions prior to 1.2.5_1? Because I would think 1.2.2x seems to > be pretty old at this point. Good point, and what about the actual package names ? In the advisory the following URLs are listed as fixed packages: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/mutt-1.2.5_1.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/mutt-devel-1.3.24_2.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/mutt-1.2.5_1.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/mutt-devel-1.3.24_2.tgz from ftp.freebsd.org -------------------- ftp> pwd 257 "/pub/FreeBSD/ports/i386/packages-4-stable/mail" ftp> ls mutt* mutt-1.2.5.tgz -> ../All/mutt-1.2.5.tgz mutt-devel-1.3.24_1.tgz -> ../All/mutt-devel-1.3.24_1.tgz ftp> pwd 257 "/pub/FreeBSD/ports/i386/packages-5-current/mail" ftp> ls mutt* mutt-1.2.5.tgz -> ../All/mutt-1.2.5.tgz mutt-devel-1.3.24_1.tgz -> ../All/mutt-devel-1.3.24_1.tgz not mutt-1.2.5_1.tgz but mutt-1.2.5.tgz is found. ^^ ^ The same is with mutt-devel-1.3.24_2.tgz, as only ^^ mutt-devel-1.3.24_1.tgz is listed. ^^ So is mutt-1.2.5_1.tgz the same as mutt-1.2.5.tgz ? And is mutt-devel-1.3.24_2.tgz the same as mutt-devel-1.3.24_1.tgz ? Thanks, --Alex To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020105060426.A9217>