rpm -q pine
Hi, As a pine user on SUSE 10.0 I have the following version installed: pine-4.63-9 On the pine site it states: Note: Install Pine 4.64, or later version, to fix a buffer overflow problem. Read iDEFENSE Security Advisory for full details. http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities Will pine be upgraded to 4.64 or is this already solved in 4.63-9? Best regards from the Netherlands, Aschwin -- aschwin@marsman.org http://www.marsman.org
Aschwin Marsman wrote:
rpm -q pine
As a pine user on SUSE 10.0 I have the following version installed: pine-4.63-9
On the pine site it states:
Note: Install Pine 4.64, or later version, to fix a buffer overflow problem. Read iDEFENSE Security Advisory for full details. http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities
Will pine be upgraded to 4.64 or is this already solved in 4.63-9?
Since you specify the mailbox names you want to use in your client yourself you would only be able to exploit yourself which is pointless. So no need for an update. cu Ludwig -- (o_ Ludwig Nussel //\ SUSE LINUX Products GmbH, Development V_/_ http://www.suse.de/
On Thu, Nov 03, 2005 at 11:24:40AM +0100, Ludwig Nussel wrote:
Aschwin Marsman wrote:
rpm -q pine
As a pine user on SUSE 10.0 I have the following version installed: pine-4.63-9
On the pine site it states:
Note: Install Pine 4.64, or later version, to fix a buffer overflow problem. Read iDEFENSE Security Advisory for full details. http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities
Will pine be upgraded to 4.64 or is this already solved in 4.63-9?
Since you specify the mailbox names you want to use in your client yourself you would only be able to exploit yourself which is pointless. So no need for an update.
Lol, "go root yourself pine users" lololol. Sorry but that was funny. You guys are great, someone asks a questions, and you answer them but the "tone" seems to be full of humor at times. or I'm full of Vicodin and Warsteiner :) Either way. SUSE team is one of the biggest reasons I use SUSE, you guys have proven to me over and over, that you not only know what you're doing, but you're great at what you do. Any other distro would probably make a big deal about this telling users to upgrade soon. You guys understand security and know it isn't anything. -Allen. Mutt user.
cu Ludwig
-- (o_ Ludwig Nussel //\ SUSE LINUX Products GmbH, Development V_/_ http://www.suse.de/
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-unsubscribe@opensuse.org For additional commands, e-mail: opensuse-help@opensuse.org
On Thu, 3 Nov 2005, Allen wrote:
On Thu, Nov 03, 2005 at 11:24:40AM +0100, Ludwig Nussel wrote:
Aschwin Marsman wrote:
rpm -q pine
As a pine user on SUSE 10.0 I have the following version installed: pine-4.63-9
On the pine site it states:
Note: Install Pine 4.64, or later version, to fix a buffer overflow problem. Read iDEFENSE Security Advisory for full details. http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities
Will pine be upgraded to 4.64 or is this already solved in 4.63-9?
Since you specify the mailbox names you want to use in your client yourself you would only be able to exploit yourself which is pointless. So no need for an update.
SUSE team is one of the biggest reasons I use SUSE, you guys have proven to me over and over, that you not only know what you're doing, but you're great at what you do.
That's correct Marcus and friends are doing a great job. But when you are looking at e.g. the lwn.net securiry page SUSE isn't always that quick, it seams that ubuntu is the fastest in general.
Any other distro would probably make a big deal about this telling users to upgrade soon. You guys understand security and know it isn't anything.
It would be nice to have a list of security flaws with those reasons included e.g. on the openSUSE website: we looked at these flaws, we will solve the following, we won't solve these others because... and than give the reason. I saw Linus Torvalds (a pine user also) upgraded to the latest version. As a user you don't want to read all security reports, I only follow the most important ones for the tools I use daily. Also other bugs are fixed, e.g.: * Crash with malformed mailbox name that allows an authorized user to run commands from the shell * When a PC-Pine network read, or a non-SSL Unix Pine network read took longer than Tcp-Read-Warning-Timeout (default 15 seconds) Pine would always time out instead of allowing the user to continue * Bug when setting Reply-Indent-String to the Empty Value. Quote showed up as a double quote instead of as nothing. * Crash when Pine attempts to open a remote (IMAP, POP3, NNTP) mailbox specification that has an unterminated quoted string in the network part of the name * Sorting by Score would not work after changing a message's score by setting a keyword or changing its status * Crash when adding then deleting the first header color * Crash when Bouncing a message and then selecting the address to bounce the message to using ^T and the directory server screen * When exporting a flowed message, perform wrapping to get rid of long lines and space stuffing * Incorrect MESSAGE INDEX when message contains some high-bit characters (do a better job of ensuring that control characters in a message don't reach the screen by mistake) * Limit amount of delay that can be caused by the system clock jumping backwards * Bug that caused confirmation prompt to be skipped when Apply Saving messages with the first message in the set not having deleted parts * Allow commas in Customized-Hdrs fields and in header fields defined in Roles * When two Pines were accessing the same address book and the two Pines had different ideas of how it should be sorted, they could get into a slow loop changing the sort order back and forth forever. Now give up and leave the sort alone after the first time this happens in a session. * When Disable-Keymenu was set the "Other" subcommand did not work correctly in the Apply command * When an address book contained multiple entries with the same nickname the ^T method of selecting always selected the first * Crash when editing the first of two address book entries with the same nickname and changing the first from a single address into a list of addresses Best regards, Aschwin Marsman -- aschwin@marsman.org http://www.marsman.org
Aschwin Marsman <aschwin@marsman.org> writes:
[...] Also other bugs are fixed, e.g.:
And you will get pine 4.64 from our current edge distribution since we added the package already to our development tree. Putting out a YOU update is quite some extra work and we're not doing that unless we have a real security issue - and then only fix the security problem. Andreas -- Andreas Jaeger, aj@suse.de, http://www.suse.de/~aj SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
On Thu, 3 Nov 2005, Andreas Jaeger wrote:
Aschwin Marsman <aschwin@marsman.org> writes:
Thanks for your reply.
Also other bugs are fixed, e.g.:
And you will get pine 4.64 from our current edge distribution since we added the package already to our development tree.
I would expect that, thanks. Is it possible to add some of those packages to a SUSE 10.0 installation? Something like stable, testing, unstable: you can pick for a package what you want. Or should I get the src rpm and build it myself? Or create a repository to smart that contains upgrades for the packages that I use most?
Putting out a YOU update is quite some extra work and we're not doing that unless we have a real security issue - and then only fix the security problem.
I know. SUSE has limited resources, but I hope that with openSUSE more people can help so not only security fixes but also other problems can be fixed. I currently use packman, guru etc. to install newer packages.
Andreas
Best regards, Aschwin Marsman -- aschwin@marsman.org http://www.marsman.org
Aschwin Marsman <aschwin@marsman.org> writes:
On Thu, 3 Nov 2005, Andreas Jaeger wrote:
Aschwin Marsman <aschwin@marsman.org> writes:
Thanks for your reply.
Also other bugs are fixed, e.g.:
And you will get pine 4.64 from our current edge distribution since we added the package already to our development tree.
I would expect that, thanks. Is it possible to add some of those packages to a SUSE 10.0 installation? Something like stable, testing, unstable: you can pick for a package what you want.
In general it's not possible - we add new GCC and GLIBC versions to our development version and that might make it impossible to use a package on an older distro.
Or should I get the src rpm and build it myself?
That's the best options.
Or create a repository to smart that contains upgrades for the packages that I use most?
I wouldn't do it unless you want everything - the development version is not that tested... Andreas -- Andreas Jaeger, aj@suse.de, http://www.suse.de/~aj SUSE Linux Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
participants (4)
-
Allen -
Andreas Jaeger -
Aschwin Marsman -
Ludwig Nussel