Date: Sat, 4 Nov 2000 14:12:35 -0600 (CST)
From: Mike Silbersack <silby@silby.com>
To: freebsd-security@freebsd.org
Subject: pine 4.30 improvements
Message-ID: <Pine.BSF.4.21.0011041356140.38184-100000@achilles.silby.com>

Although the port hasn't been updated yet, I thought some people might be interested in what changed from pine 4.21 to 4.30 (security-wise.)

In short, they've tried to make it more secure, but aren't quite there yet. Many more cases of bounds checking of strings have appeared, although it's not yet perfect. At current, they're limiting themselves by not using snprintf/strlcpy/strlcat, so auditing whether the code is safe is still a very difficult job.

However, if they keep moving in this direction, it seems likely that pine will be able to be considered safe within a release or two.

Mike "Silby" Silbersack
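
Added example, not part of the original message and not pine's code: a constructed address formatter written twice, once with hand-derived length arithmetic around strcpy/strcat and once with snprintf, to show the auditing difference the message describes. The function names, the 16-byte buffer and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hand-rolled bounds check (hypothetical helper).
 * The constant 4 is " <" (2) + ">" (1) + the terminating NUL (1).
 * An auditor has to re-derive that arithmetic at every call site,
 * and it silently goes stale if the format of the output changes. */
int format_manual(char *dst, size_t dstlen, const char *name, const char *addr)
{
    if (strlen(name) + strlen(addr) + 4 > dstlen)
        return -1;              /* would not fit: refuse, write nothing */
    strcpy(dst, name);
    strcat(dst, " <");
    strcat(dst, addr);
    strcat(dst, ">");
    return 0;
}

/* Same output through snprintf (hypothetical helper).
 * The buffer size is stated once, the write can never pass dst + dstlen,
 * and truncation is reported by the return value. */
int format_snprintf(char *dst, size_t dstlen, const char *name, const char *addr)
{
    int n = snprintf(dst, dstlen, "%s <%s>", name, addr);
    if (n < 0 || (size_t)n >= dstlen)
        return -1;              /* truncated: dst holds a NUL-terminated prefix */
    return 0;
}

int main(void)
{
    char buf[16];
    /* Constructed inputs: the first fills the buffer exactly (15 chars + NUL),
     * the second is one character too long. */
    const char *names[] = { "Alice", "Alicia" };
    for (int i = 0; i < 2; i++) {
        int m = format_manual(buf, sizeof buf, names[i], "a@b.org");
        int s = format_snprintf(buf, sizeof buf, names[i], "a@b.org");
        printf("%-6s manual=%d snprintf=%d buf=\"%s\"\n", names[i], m, s, buf);
    }
    return 0;
}
```

Both versions agree at the boundary here; the difference is that the manual version is only correct while the literal 4 matches the strings appended below it, which is the property a reviewer has to verify by hand.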