decided that these legal assholes don't even deserve to be on our ftp
site. Yes, this is probably the first time I have ever commited to
the ports tree, but this is important. When people like that come and
fool our developers, I will fight back against them. pine is not free
in any sense, and we will no longer distribute it.
in that license are CONTRACT terms, and I absolutely will not accept
such bullshit anywhere near our tree. Delete with prejudice. This
should NEVER have entered our tree. pine is not free software in ANY
SENSE. People should stop using the non-free trash.
"Perhaps the most notable changes are bug fixes for broken "mbox"
functionality, for a crash when Taking to a Rule, for a crash when Sorting
on some IMAP servers, and for a problem when forwarding address book
entries and Taking them, which caused remote address book corruption.
There is some new support for reading news from more than one NNTP server,
a new tab-checks-recent feature to allow checking for new mail in a folder
without opening it, and a few other small improvements."
An attacker can send a fully legal email message with a crafted
From-header and thus forcing pine to core dump on startup.
The only way to launch pine is manually removing the bad message
either directly from the spool, or from another MUA. Until the
message has been removed or edited there is no way of accessing
the INBOX using pine.
http://marc.theaimsgroup.com/?l=bugtraq&m=103668430620531&w=2
--
This note is to announce the availability of the Pine Message System version
4.44. The purpose of this release is to fix a security bug with the treatment
of quotes in the URL-handling code. The bug allows a malicious sender to
embed commands in a URL. This bug is present in all versions of UNIX Pine.
There is no vulnerability from this bug in PC-Pine.
