Mailinglist Archive: opensuse (4570 mails)

Re: [opensuse] pine 4.64
  • From: Aschwin Marsman <aschwin@xxxxxxxxxxx>
  • Date: Thu, 3 Nov 2005 15:05:23 +0100 (CET)
  • Message-id: <Pine.LNX.4.63.0511031453170.27530@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
On Thu, 3 Nov 2005, Allen wrote:

> On Thu, Nov 03, 2005 at 11:24:40AM +0100, Ludwig Nussel wrote:
> > Aschwin Marsman wrote:
> > > As a pine user on SUSE 10.0 I have the following version installed:
> > > > rpm -q pine
> > > pine-4.63-9
> > >
> > > On the pine site it states:
> > >
> > > Note: Install Pine 4.64, or later version, to fix a buffer overflow
> > > problem. Read iDEFENSE Security Advisory for full details.
> > > http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities
> > >
> > > Will pine be upgraded to 4.64 or is this already solved in 4.63-9?
> >
> > Since you specify the mailbox names you want to use in your client
> > yourself you would only be able to exploit yourself which is
> > pointless. So no need for an update.
>
> SUSE team is one of the biggest reasons I use SUSE, you guys have proven to
> me over and over, that you not only know what you're doing, but you're
> great at what you do.

That's correct, Marcus and friends are doing a great job. But when you are
looking at e.g. the lwn.net security page SUSE isn't always that quick, it
seems that Ubuntu is the fastest in general.

> Any other distro would probably make a big deal about this telling users to
> upgrade soon. You guys understand security and know it isn't anything.

It would be nice to have a list of security flaws with those reasons included,
e.g. on the openSUSE website: we looked at these flaws, we will solve the
following, we won't solve these others because... and then give the reason.

I saw Linus Torvalds (a pine user also) upgraded to the latest version.
As a user you don't want to read all security reports, I only follow the
most important ones for the tools I use daily.

Also other bugs are fixed, e.g.:

* Crash with malformed mailbox name that allows an authorized user
to run commands from the shell
* When a PC-Pine network read, or a non-SSL Unix Pine network read
took longer than Tcp-Read-Warning-Timeout (default 15 seconds)
Pine would always time out instead of allowing the user to
continue
* Bug when setting Reply-Indent-String to the Empty Value. Quote
showed up as a double quote instead of as nothing.
* Crash when Pine attempts to open a remote (IMAP, POP3, NNTP)
mailbox specification that has an unterminated quoted string in
the network part of the name
* Sorting by Score would not work after changing a message's score
by setting a keyword or changing its status
* Crash when adding then deleting the first header color
* Crash when Bouncing a message and then selecting the address to
bounce the message to using ^T and the directory server screen
* When exporting a flowed message, perform wrapping to get rid of
long lines and space stuffing
* Incorrect MESSAGE INDEX when message contains some high-bit
characters (do a better job of ensuring that control characters in
a message don't reach the screen by mistake)
* Limit amount of delay that can be caused by the system clock
jumping backwards
* Bug that caused confirmation prompt to be skipped when Apply
Saving messages with the first message in the set not having
deleted parts
* Allow commas in Customized-Hdrs fields and in header fields
defined in Roles
* When two Pines were accessing the same address book and the two
Pines had different ideas of how it should be sorted, they could
get into a slow loop changing the sort order back and forth
forever. Now give up and leave the sort alone after the first time
this happens in a session.
* When Disable-Keymenu was set the "Other" subcommand did not work
correctly in the Apply command
* When an address book contained multiple entries with the same
nickname the ^T method of selecting always selected the first
* Crash when editing the first of two address book entries with the
same nickname and changing the first from a single address into a
list of addresses

Best regards,

Aschwin Marsman

--
aschwin@xxxxxxxxxxx http://www.marsman.org
