On Thu, 3 Nov 2005, Allen wrote: > On Thu, Nov 03, 2005 at 11:24:40AM +0100, Ludwig Nussel wrote: > > Aschwin Marsman wrote: > > > As a pine user on SUSE 10.0 I have the following version installed: > > > > rpm -q pine > > > pine-4.63-9 > > > > > > On the pine site it states: > > > > > > Note: Install Pine 4.64, or later version, to fix a buffer overflow > > > problem. Read iDEFENSE Security Advisory for full details. > > > http://www.idefense.com/application/poi/display?id=313&type=vulnerabilities > > > > > > Will pine be upgraded to 4.64 or is this already solved in 4.63-9? > > > > Since you specify the mailbox names you want to use in your client > > yourself you would only be able to exploit yourself which is > > pointless. So no need for an update. > > SUSE team is one of the biggest reasons I use SUSE, you guys have proven to > me over and over, that you not only know what you're doing, but you're > great at what you do.
That's correct Marcus and friends are doing a great job. But when you are looking at e.g. the lwn.net securiry page SUSE isn't always that quick, it seams that ubuntu is the fastest in general. > Any other distro would probably make a big deal about this telling users to > upgrade soon. You guys understand security and know it isn't anything. It would be nice to have a list of security flaws with those reasons included e.g. on the openSUSE website: we looked at these flaws, we will solve the following, we won't solve these others because... and than give the reason. I saw Linus Torvalds (a pine user also) upgraded to the latest version. As a user you don't want to read all security reports, I only follow the most important ones for the tools I use daily. Also other bugs are fixed, e.g.: * Crash with malformed mailbox name that allows an authorized user to run commands from the shell * When a PC-Pine network read, or a non-SSL Unix Pine network read took longer than Tcp-Read-Warning-Timeout (default 15 seconds) Pine would always time out instead of allowing the user to continue * Bug when setting Reply-Indent-String to the Empty Value. Quote showed up as a double quote instead of as nothing. * Crash when Pine attempts to open a remote (IMAP, POP3, NNTP) mailbox specification that has an unterminated quoted string in the network part of the name * Sorting by Score would not work after changing a message's score by setting a keyword or changing its status * Crash when adding then deleting the first header color * Crash when Bouncing a message and then selecting the address to bounce the message to using ^T and the directory server screen * When exporting a flowed message, perform wrapping to get rid of long lines and space stuffing * Incorrect MESSAGE INDEX when message contains some high-bit characters (do a better job of ensuring that control characters in a message don't reach the screen by mistake) * Limit amount of delay that can be caused by the system clock jumping backwards * Bug that caused confirmation prompt to be skipped when Apply Saving messages with the first message in the set not having deleted parts * Allow commas in Customized-Hdrs fields and in header fields defined in Roles * When two Pines were accessing the same address book and the two Pines had different ideas of how it should be sorted, they could get into a slow loop changing the sort order back and forth forever. Now give up and leave the sort alone after the first time this happens in a session. * When Disable-Keymenu was set the "Other" subcommand did not work correctly in the Apply command * When an address book contained multiple entries with the same nickname the ^T method of selecting always selected the first * Crash when editing the first of two address book entries with the same nickname and changing the first from a single address into a list of addresses Best regards, Aschwin Marsman -- [EMAIL PROTECTED] http://www.marsman.org --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
