Date: Fri, 29 Sep 2000 00:33:31 -0700 (PDT) From: Kris Kennaway <kris@FreeBSD.org> To: security@freebsd.org Cc: bugtraq@securityfocus.com Subject: cvs commit: ports/mail/pine4 Makefile (fwd) Message-ID: <Pine.BSF.4.21.0009290030170.63575-100000@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
It almost killed me to see this:
mollari# find pine4.21 -type f | xargs egrep '(sprintf|strcpy|strcat)' | wc -l
4299
Don't use pine - I don't believe it is practical to make it secure. :-(
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
---------- Forwarded message ----------
Date: Fri, 29 Sep 2000 00:28:48 -0700 (PDT)
From: Kris Kennaway <kris@FreeBSD.org>
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/mail/pine4 Makefile
kris 2000/09/29 00:28:48 PDT
Modified files:
mail/pine4 Makefile
Log:
Mark FORBIDDEN: known buffer overflows exploitable by remote email.
Parenthetically, no software which uses 4299 sprintf/strcpy/strcat
calls can possibly be safe - I don't expect to remove this FORBIDDEN
tag any time soon. :-(
Revision Changes Path
1.43 +3 -1 ports/mail/pine4/Makefile
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0009290030170.63575-100000>