From owner-cvs-all Sat Mar 4 2: 6:36 2000 Delivered-To: cvs-all@freebsd.org Received: from awfulhak.org (tun.AwfulHak.org [194.242.139.173]) by hub.freebsd.org (Postfix) with ESMTP id 6B3C637B798; Sat, 4 Mar 2000 02:06:29 -0800 (PST) (envelope-from brian@Awfulhak.org) Received: from hak.lan.Awfulhak.org (root@hak.lan.awfulhak.org [172.16.0.12]) by awfulhak.org (8.9.3/8.9.3) with ESMTP id KAA91856; Sat, 4 Mar 2000 10:04:03 GMT (envelope-from brian@hak.lan.Awfulhak.org) Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1]) by hak.lan.Awfulhak.org (8.9.3/8.9.3) with ESMTP id KAA07086; Sat, 4 Mar 2000 10:04:01 GMT (envelope-from brian@hak.lan.Awfulhak.org) Message-Id: <200003041004.KAA07086@hak.lan.Awfulhak.org> X-Mailer: exmh version 2.1.1 10/15/1999 To: Kris Kennaway Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, brian@hak.lan.Awfulhak.org Subject: Re: cvs commit: ports/mail/mh Makefile In-Reply-To: Message from Kris Kennaway of "Fri, 03 Mar 2000 22:52:43 PST." <200003040652.WAA07072@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sat, 04 Mar 2000 10:04:00 +0000 From: Brian Somers Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I think this requires USE_NMH in ports/Mk/bsd.port.mk to avoid breaking exmh2 (and probably others). > kris 2000/03/03 22:52:43 PST > > Modified files: > mail/mh Makefile > Log: > Put on my security hardhat and mark this port FORBIDDEN - it has a buffer > overflow in the MIME parsing code which is remotely exploitable via > email. The nmh port had a similar bug which was fixed in the 1.0.2 upgrade. > > Because this software is apparently no longer under active development it > may be unlikely to get fixed. > > Obtained from: Dan Harkless via BugTraq > > Revision Changes Path > 1.16 +3 -1 ports/mail/mh/Makefile -- Brian Don't _EVER_ lose your sense of humour ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message