From: Tim Zingelman (zingelmanfnal.gov)
Date: Fri Jan 04 2002 - 21:07:30 CST

    On Fri, 4 Jan 2002, Philip J. Koenig wrote:

    > >=== FreeBSD-SA-02:04 Security Advisory FreeBSD, Inc.
    > >
    > > Topic: mutt ports contain remotely exploitable buffer overflow
    > >
    > > Category: ports
    > > Module: mutt
    > > Announced: 2002-01-04
    > > Credits: Joost Pol <joostcontempt.nl>
    > > Affects: Ports collection prior to the correction date
    > > Corrected: 2002-01-02 13:52:03 UTC (ports/mail/mutt: 1.2.x)
    > > 2002-01-02 03:39:01 UTC (ports/mail/mutt-devel: 1.3.x)
    > > FreeBSD only: NO
    > >
    > > I. Background
    > >
    > > Mutt is a small but very powerful text-based mail client for Unix
    > > operating systems.
    > >
    > > II. Problem Description
    > >
    > > The mutt ports, versions prior to mutt-1.2.25_1 and
    > > mutt-devel-1.3.24_2, contain a buffer overflow in the handling of
    > > email addresses in headers.
    >
    >
    > Shall I assume the "1.2.25_1" string above is a typo? Is it really
    > the versions prior to 1.2.5_1? Because I would think 1.2.2x seems to
    > be pretty old at this point.

    This is not a typo. The FreeBSD PORT version is "1.2.25_1" indicating
    that the 1.2.25 port has been updated once (to repair the security issue).
    This port patches the 1.2.25 source tarball rather than using the 1.2.25.1
    source tarball.

    The latest stable version of mutt available from www.mutt.org is 1.2.25.1,
    and it also has the security fix.

     - Tim
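
The port version scheme described in the reply above (upstream version, then `_N` for the port revision), as an added example that is not part of the original message or of FreeBSD's tooling. It assumes purely numeric dotted upstream versions and uses a simplified comparison, not the package tools' own algorithm; the function names are hypothetical and the fixed versions are the ones quoted in the advisory.

```python
import re

# Fixed package versions as quoted in the advisory text above.
FIXED = {"mutt": "1.2.25_1", "mutt-devel": "1.3.24_2"}

# version[_portrevision][,portepoch]
VERSION_RE = re.compile(r"([^_,]+)(?:_(\d+))?(?:,(\d+))?")


def parse_version(ver):
    """Return a sortable key (epoch, upstream components, port revision).

    Simplified: upstream components must be integers separated by dots.
    """
    m = VERSION_RE.fullmatch(ver)
    if not m:
        raise ValueError("unrecognised port version: %r" % ver)
    upstream, revision, epoch = m.groups()
    parts = tuple(int(p) for p in upstream.split("."))
    return (int(epoch or 0), parts, int(revision or 0))


def is_affected(package):
    """True if older than the fixed version, False if not, None if not listed."""
    name, _, ver = package.rpartition("-")
    if name not in FIXED:
        return None
    return parse_version(ver) < parse_version(FIXED[name])


if __name__ == "__main__":
    # Constructed sample of installed package names, not real host output.
    installed = [
        "mutt-1.2.25",          # port revision 0: before the fix
        "mutt-1.2.25_1",        # same upstream tarball, port patched once
        "mutt-devel-1.3.24_1",
        "mutt-devel-1.3.24_2",
        "zsh-4.0.4",            # not covered by this advisory
    ]
    for pkg in installed:
        state = {True: "AFFECTED", False: "fixed", None: "not listed"}
        print("%-22s %s" % (pkg, state[is_affected(pkg)]))
```
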
