Date: Fri, 29 Sep 2000 00:33:31 -0700 (PDT)
From: Kris Kennaway
To: security@freebsd.org
Cc: bugtraq@securityfocus.com
Subject: cvs commit: ports/mail/pine4 Makefile (fwd)

It almost killed me to see this:

mollari# find pine4.21 -type f | xargs egrep '(sprintf|strcpy|strcat)' | wc -l
    4299

Don't use pine - I don't believe it is practical to make it secure. :-(

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

---------- Forwarded message ----------
Date: Fri, 29 Sep 2000 00:28:48 -0700 (PDT)
From: Kris Kennaway
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/mail/pine4 Makefile

kris        2000/09/29 00:28:48 PDT

  Modified files:
    mail/pine4           Makefile
  Log:
  Mark FORBIDDEN: known buffer overflows exploitable by remote email.

  Parenthetically, no software which uses 4299 sprintf/strcpy/strcat calls
  can possibly be safe - I don't expect to remove this FORBIDDEN tag any
  time soon. :-(

  Revision  Changes    Path
  1.43      +3 -1      ports/mail/pine4/Makefile
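The egrep pipeline in the message counts matching lines in every file under the tree. As an added example (not part of the original message or the FreeBSD ports tree), this script counts call sites per function instead, which is the form an audit triage usually starts from. The `*.c`/`*.h` filter, the function names `count_calls`, `naive_lines`, `make_sample` and `audit`, and the sample file are assumptions made for the illustration; comments and string literals in the scanned source are not excluded.

```shell
#!/bin/sh
# count_calls FUNCTION DIR: number of call sites of FUNCTION under DIR.
# A non-identifier character must precede the name, and matches (not lines)
# are counted. find -exec keeps file names with spaces intact.
count_calls() {
    fn=$1 dir=$2
    # grep exits 1 when a batch has no match; "|| true" ignores that.
    n=$( { find "$dir" -type f \( -name '*.c' -o -name '*.h' \) -exec \
            grep -ohE "(^|[^A-Za-z0-9_])${fn}[[:space:]]*\\(" {} + || true; } | wc -l)
    echo $((n))
}

# naive_lines DIR: matching lines for the substring pattern used in the
# message, over the same files as count_calls for a like-for-like comparison.
naive_lines() {
    n=$( { find "$1" -type f \( -name '*.c' -o -name '*.h' \) -exec \
            grep -hE '(sprintf|strcpy|strcat)' {} + || true; } | wc -l)
    echo $((n))
}

# make_sample: writes a constructed C file (not pine source) into a new
# temporary directory and prints the directory name.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/my file.c" <<'EOF'
#include <string.h>
#include <stdio.h>
void f(char *dst, const char *a, const char *b, va_list ap) {
    char buf[16];
    strcpy(buf, a); strcat(buf, b);   /* two calls on one line */
    sprintf(dst, "%s", buf);
    vsprintf(dst, "%s", ap);          /* a different function */
    snprintf(dst, 16, "%s", buf);     /* bounded variant */
    strncpy(buf, a, sizeof buf - 1);  /* bounded variant */
    my_strcpy(buf, a);                /* a different identifier */
    strcpy (buf, b);                  /* space before the parenthesis */
}
EOF
    echo "$d"
}

# audit DIR: one "name count" line per function, then the line-based count.
audit() {
    for f in sprintf strcpy strcat; do
        echo "$f $(count_calls "$f" "$1")"
    done
    echo "matching-lines $(naive_lines "$1")"
}

sample=$(make_sample); audit "$sample"; rm -rf "$sample"
```

On the constructed file the two counts differ in both directions: the line count includes `vsprintf` and `my_strcpy`, and it counts the line with two calls once.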