[25927] in Athena Bugs
sun4 9.3.8: nmh
daemon@ATHENA.MIT.EDU (Jerrad Pierce)
Wed Aug 11 12:46:14 2004
Message-Id: <200408111646.i7BGkA0h002759@scrubbing-bubbles.mit.edu>
To: bugs@mit.edu
Date: Wed, 11 Aug 2004 12:46:10 -0400
From: Jerrad Pierce <belg4mit@mit.edu>
Errors-To: bugs-bounces@mit.edu
System name: scrubbing-bubbles.mit.edu
Type and version: Sun-Fire-V440 9.3.8 (with mkserv)
Display type: unknown
Shell: /bin/athena/tcsh
Window manager: /afs/athena/project/windowmgr/arch/@sys/bin/vtwm.gamma
What were you trying to do?
[Please replace this line with your information.]
What's wrong:
Athena was (again) updated without switching to a newer, safer, better nmh.
What should have happened:
Upgraded to 1.0.4 a *4 year old* version which should have adopted long ago,
or the newborn 1.1 http://savannah.nongnu.org/download/nmh/
Please describe any relevant documentation references:
A previously reported bug concerning the failure to remove Fcc when
sending messages
NOTE: All versions of nmh prior to 1.0.3 (as well as MH) contained a
vulnerability where incoming mail messages with carefully designed MIME
headers could cause the mhshow command to execute arbitrary shell code. Though
the authors of nmh are not aware of any exploits of this hole, MH users and
users of older versions of nmh are strongly encouraged to upgrade to the
current version. -- http://www.nongnu.org/nmh/
--
H4sICNoBwDoAA3NpZwA9jbsNwDAIRHumuC4NklvXTOD0KSJEnwU8fHz4Q8M9i3sGzkS7BBrm
OkCTwsycb4S3DloZuMIYeXpLFqw5LaMhXC2ymhreVXNWMw9YGuAYdfmAbwomoPSyFJuFn2x8
Opr8bBBidccAAAA=
--
MOTD on Pungenday, the 4th of Bureaucracy, in the YOLD 3170:
touched by an anvil --memepool
