CAN-2005-2491, http://securitytracker.com/id?1014744
A remote or local user may be able to supply a specially crafted
regular expression to trigger a heap integer overflow in PCRE.
ok pvalchev@
- no more sgid _mixmaster
- no more global pool
- every user has his own pool/config in ~/.Mix, with
SYSCONFDIR/mixmaster/client.cfg providing a default configuration
- add sample script to fetch remailer keys/statistics
from Peter Palfrader <peter at palfrader dot org>
- remove WWW while here
- fix a bounds warning
- bump PKGNAME
--
This software comes in a client only configuration! If you want
to setup a mixmaster server, read through the example files,
man page and keep in mind, that the server stores all it's files
in $MIXPATH (/etc/mixmaster by default).
The purpose of anonymous remailers (hereafter simply remailers) is
to provide protection against traffic analysis. Traffic analysis
is the study of who you are communicating with, when, and how often.
This reveals more than you might expect about your activities. It
will indicate who your friends and colleagues are (and they can be
told apart by looking at the times you contact them). What your
interests are, from which catalog companies you contact, and which
ftp and WWW sites you visit. Traffic analysis can even reveal
business secrets, e.g. your frequent contact with a rival could
give hints of an impending merger.
Remailers protect your e-mail from traffic analysis. The original
remailers did this by removing all headers, except the subject line,
from any message you sent to them and then forwarding them a
destination of your choice. The recipient of such a message would
not know who had sent it.
The addition of encryption to this scheme gave significant protection
from attackers who simply look a the primary improvement with the
type 2 remailer Mixmaster.
WWW: http://mixmaster.shinn.net
Submitted by Nikolay Sturm <nikolay.sturm@desy.de>
