[EMAIL PROTECTED] (Ruud de Rooij) writes:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Versions prior to 1.0.3 of the nmh package contained a vulnerability
> where incoming mail messages with carefully designed MIME headers could
> cause nmh's mhshow command to execute arbitrary shell code.
[...]
Hi, Ruud. Did you also send this to bugtraq? That wasn't on your To: line,
and I don't see the message at:
http://www.securityfocus.com/templates/archive.pike?list=1
but maybe you sent it separately and it just hasn't arrived yet. If you
haven't sent it yet, please be sure to add the note that MH suffers from the
security hole as well as nmh. If you've already sent to that list, perhaps
you could follow up with just the MH info.
-----------------------------------------------------------------------
Dan Harkless | To prevent SPAM contamination, please
[EMAIL PROTECTED] | do not post this private email address
SpeedGate Communications, Inc. | to the USENET or WWW. Thank you.
