La Salle Debain





Open Source @ Consolidated Braincells Inc.

About La Salle Debain

This is a weblog I'm keeping about my work on Debian and any other useful Debian-related info I come across. It is not meant to compete with other news sources like Debian Weekly News or Debian Planet. Mostly it is just a way for me to classify and remember all the random bits of information that I have floating around me. I thought maybe by using a blog it could be of some use to others too. Btw. "I" refers to Jaldhar H. Vyas, Debian developer for over 5 years. If you want to know more about me, my home page is here.

The name? Debain is a very common misspelling of Debian and la salle de bains means bathroom in French.

If you have a comment to make on something you read here, feel free to write to me at jaldhar@debian.org.

You can get an RSS 0.91 feed of any page in the blog by appending ?flav=rss to the end of the URL.

Sat, 13 Sep 2003

New pine .debs: Fix security problems

I've made some new .debs of pine available.

A buffer overflow exists in the way unpatched versions of Pine prior to 4.57 handle the 'message/external-body' type. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2003-0720 to this issue.

An integer overflow exists in the Pine MIME header parsing in versions prior to 4.57. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2003-0721 to this issue.

Both of these flaws could be exploited by a remote attacker who sends the victim a carefully crafted email that executes arbitrary code when it is opened using Pine. So please upgrade ASAP.


posted at: 00:03