[14090] in bugtraq
nmh security update
daemon@ATHENA.MIT.EDU (Ruud de Rooij)
Tue Feb 29 22:57:41 2000
Message-Id: <20000228173805.B17DB3424A@hobbes.home.ruud.org>
Date: Mon, 28 Feb 2000 18:38:05 +0100
Reply-To: Ruud de Rooij <ruud@RUUD.ORG>
From: Ruud de Rooij <ruud@RUUD.ORG>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Versions prior to 1.0.3 of the nmh package contained a vulnerability
where incoming mail messages with carefully designed MIME headers could
cause nmh's mhshow command to execute arbitrary shell code.
This bug has been fixed in nmh 1.0.3 and we encourage you to upgrade
immediately. The fixed package is available at
ftp://ftp.mhost.com/pub/nmh/nmh-1.0.3.tar.gz
The MD5sum of nmh-1.0.3.tar.gz is 02519bf8f7ff8590ecfbee9f9500ea07.
For the nmh authors,
Ruud de Rooij.
- --
ruud de rooij | ruud@ruud.org | ruud@debian.org | http://ruud.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE4uq60gWpMJ0LP/ksRAohGAJ90IJAVvyF+ouPkWEFbi5bEFJrhZwCg2yoz
XhNPTGQCtLHmKGcMsEuOUCE=
=jZwy
-----END PGP SIGNATURE-----
