This is a weblog I'm keeping about my work on Debian and any other useful Debian related info I come across. It is not meant to compete with other news sources like Debian Weekly News or Debian Planet. Mostly it is just a way for me to classify and remember all the random bits of information that I have floating around me. I thought maybe by using a blog it could be of some use to others too. Btw. "I" refers to Jaldhar H. Vyas, Debian developer for over 5 years. If you want to know more about me, my home page is here.
The name? Debain is a very common misspelling of Debian and la salle de bains means bathroom in French.
If you have a comment to make on something you read here, feel free to write to me at email@example.com.
You can get an rss 0.91 feed of any page in the
blog by appending
?flav=rss to the end of the URL.
I've made some new .debs of pine available.
A buffer overflow exists in the way unpatched versions of Pine prior to 4.57 handle the 'message/external-body' type. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2003-0720 to this issue.
An integer overflow exists in the Pine MIME header parsing in versions prior to 4.57. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2003-0721 to this issue.
Both of these flaws could be exploited by a remote attacker sending a carefully crafted email to the victim that will execute arbitrary code when the email is opened using Pine. So please upgrade ASAP.