An attacker can send a fully legal email message with a crafted
From-header and thus forcing pine to core dump on startup.
The only way to launch pine is manually removing the bad message
either directly from the spool, or from another MUA. Until the
message has been removed or edited there is no way of accessing
the INBOX using pine.
http://marc.theaimsgroup.com/?l=bugtraq&m=103668430620531&w=2
Pine has historically built against an internal copy
of the c-client library, however c-client development
has progressed beyond what is shipped with pine.
(It would appear that all new development work is
being done via UW's imap server codebase.) This change
allows pine to utilize improvements/bugfixes in the
c-client library. A consequence of this change is
that the recently reported vulnerability to BugTraq
regarding malformed X-keywords header has been fixed.
o patch doc to reflect proper location of config files
o add INSTALL/DEINSTALL scripts
o call INSTALL script from a post-install target in Makefile
o remove de-install message from packing list (now in DEINSTALL script)
THIS PORT IS NOW FROZEN FOR 2.5
