From bc64c0b4a3054940fafcde8d351fb3e7d44b3682 Mon Sep 17 00:00:00 2001 From: kris <kris@FreeBSD.org> Date: Sat, 4 Mar 2000 06:52:42 +0000 Subject: Put on my security hardhat and mark this port FORBIDDEN - it has a buffer overflow in the MIME parsing code which is remotely exploitable via email. The nmh port had a similar bug which was fixed in the 1.0.2 upgrade. Because this software is apparently no longer under active development it may be unlikely to get fixed. Obtained from: Dan Harkless <dan-bugtraq@dilvish.speed.net> via BugTraq --- mail/mh/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mail/mh/Makefile b/mail/mh/Makefile index 45d4ad5f7ec..21d65bf7ce3 100644 --- a/mail/mh/Makefile +++ b/mail/mh/Makefile @@ -17,6 +17,8 @@ PATCHFILES= MH.6.8.4.Z MAINTAINER= pst@FreeBSD.org +FORBIDDEN= "Buffer overflow in MIME parsing code, exploitable via email." + MAN1= ali.1 anno.1 burst.1 comp.1 dist.1 folder.1 forw.1 inc.1 mark.1 \ mh-chart.1 mh.1 mhl.1 mhook.1 mhmail.1 mhn.1 mhparam.1 mhpath.1 \ msgchk.1 msh.1 next.1 packf.1 pick.1 prev.1 prompter.1 rcvstore.1 \ -- cgit