Pine 4.44 packages are now available to fix a problem with insecure URLhandling.
Date: Sat, 12 Jan 2002 13:35:45 -0800 (PST)
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] Pine update fixes insecure URL-handling
Pine 4.44 packages are now available to fix a problem with insecure URL
handling.
Here's the information from the Slackware 8.0 ChangeLog:
Sat Jan 12 13:05:33 PST 2002
patches/packages/pine.tgz: Fix a security problem with pine by upgrading
to pine4.44.
More details from the Pine Announcement List:
This note is to announce the availability of the Pine Message System
version 4.44. The purpose of this release is to fix a security
bug with the treatment of quotes in the URL-handling code. The bug
allows a malicious sender to embed commands in a URL. This bug is
present in all versions of UNIX Pine.
We recommend upgrading Pine as soon as possible.
WHERE TO FIND THE NEW PACKAGE:
------------------------------
Updated pine package for Slackware 8.0:
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/pine.tgz
MD5 SIGNATURE:
--------------
Here is the md5sum for the package:
9511772027b579c1c2c542b4bb0d85da pine.tgz
INSTALLATION INSTRUCTIONS:
--------------------------
Simply upgrade as root:
# upgradepkg pine.tgz
Remember, it's also a good idea to backup configuration files before
upgrading packages.
- Slackware Linux Security Team
http://www.slackware.com
Pine 4.44 packages are now available to fix a problem with insecure URLhandling.