New Pine release

Charles Crawford ccrawford at acb.org
Thu Jan 3 10:59:56 EST 2002


	In case you did not see this.


Subject: Pine 4.44 now available

This note is to announce the availability of the Pine Message System
version 4.44. The purpose of this release is to fix a security
bug with the treatment of quotes in the URL-handling code. The bug
allows a malicious sender to embed commands in a URL. This bug is
present in all versions of UNIX Pine. There is no vulnerability from
this bug in PC-Pine.

The release notes are available from within Pine ("R" command off the
Main Menu) and via

         http://www.washington.edu/pine/changes.html
and
         ftp://ftp.cac.washington.edu/pine/docs/

Source for the latest Pine release is available in:

         ftp://ftp.cac.washington.edu/pine/pine.tar.Z
and
         ftp://ftp.cac.washington.edu/pine/pine.tar.gz

Precompiled binaries for the various systems we have direct access to
are available in:

         ftp://ftp.cac.washington.edu/pine/unix-bin
and
         ftp://ftp.cac.washington.edu/pine/unix-bin-compressed

The corresponding PC-Pine distribution is available in:

         ftp://ftp.cac.washington.edu/pine/pcpine/pm444w32.zip

As with all Pine releases, it is important that you carefully test and
determine for yourself that it performs suitably in your environment
before placing Pine into production use.

The Pine Development Team

-- 





More information about the Speakup mailing list