From bc64c0b4a3054940fafcde8d351fb3e7d44b3682 Mon Sep 17 00:00:00 2001
From: kris <kris@FreeBSD.org>
Date: Sat, 4 Mar 2000 06:52:42 +0000
Subject: Put on my security hardhat and mark this port FORBIDDEN - it has a
 buffer overflow in the MIME parsing code which is remotely exploitable via
 email. The nmh port had a similar bug which was fixed in the 1.0.2 upgrade.

Because this software is apparently no longer under active development it
may be unlikely to get fixed.

Obtained from:	Dan Harkless <dan-bugtraq@dilvish.speed.net> via BugTraq
---
 mail/mh/Makefile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/mail/mh/Makefile b/mail/mh/Makefile
index 45d4ad5f7ec..21d65bf7ce3 100644
--- a/mail/mh/Makefile
+++ b/mail/mh/Makefile
@@ -17,6 +17,8 @@ PATCHFILES=	MH.6.8.4.Z
 
 MAINTAINER=	pst@FreeBSD.org
 
+FORBIDDEN=	"Buffer overflow in MIME parsing code, exploitable via email."
+
 MAN1=	ali.1 anno.1 burst.1 comp.1 dist.1 folder.1 forw.1 inc.1 mark.1  \
 	mh-chart.1 mh.1 mhl.1 mhook.1 mhmail.1 mhn.1 mhparam.1 mhpath.1  \
 	msgchk.1 msh.1 next.1 packf.1 pick.1 prev.1 prompter.1 rcvstore.1 \
-- 
cgit