"Dan Harkless" <[EMAIL PROTECTED]> writes:
> [EMAIL PROTECTED] (Ruud de Rooij) writes:
> > Versions prior to 1.0.3 of the nmh package contained a vulnerability
> > where incoming mail messages with carefully designed MIME headers could
> > cause nmh's mhshow command to execute arbitrary shell code.
> > 
> > This bug has been fixed in nmh 1.0.3 and we encourage you to upgrade
> > immediately.  The fixed package is available at
> > 
> >   ftp://ftp.mhost.com/pub/nmh/nmh-1.0.3.tar.gz
> 
> Note that MH (at least the latter versions with MIME support) also contains
> this hole.  MH users are also strongly encouraged to upgrade to nmh 1.0.3.

Can someone (Ruud?) please forward that information to exmh-users?  I'm not
subscribed to that list, so my post failed.

I've already followed up to the comp.mail.mh post and have updated the nmh
web page (though the live copy of the latter hasn't auto-updated yet).

-----------------------------------------------------------------------
Dan Harkless                   | To prevent SPAM contamination, please 
[EMAIL PROTECTED]      | do not post this private email address
SpeedGate Communications, Inc. | to the USENET or WWW.  Thank you.     
