Put on my security hardhat and mark this port FORBIDDEN - it has a buffer

overflow in the MIME parsing code which is remotely exploitable via email. The nmh port had a similar bug which was fixed in the 1.0.2 upgrade. Because this software is apparently no longer under active development it may be unlikely to get fixed. Obtained from: Dan Harkless <dan-bugtraq@dilvish.speed.net> via BugTraq
author: Kris Kennaway <kris@FreeBSD.org> 2000-03-04 06:52:42 +0000
committer: Kris Kennaway <kris@FreeBSD.org> 2000-03-04 06:52:42 +0000
commit: a522b54e25ae601d960fd992bc6e0c39850d9569 (patch)
tree: b140427a5cdc2a265d75ab61f35679788c2ba27a /mail/mh
parent: - Fix MASTER_SITES (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/mail/mh/Makefile b/mail/mh/Makefile
index 45d4ad5f7ec2..21d65bf7ce36 100644
--- a/mail/mh/Makefile
+++ b/mail/mh/Makefile
@@ -17,6 +17,8 @@ PATCHFILES=	MH.6.8.4.Z
 
 MAINTAINER=	pst@FreeBSD.org
 
+FORBIDDEN=	"Buffer overflow in MIME parsing code, exploitable via email."
+
 MAN1=	ali.1 anno.1 burst.1 comp.1 dist.1 folder.1 forw.1 inc.1 mark.1  \
 	mh-chart.1 mh.1 mhl.1 mhook.1 mhmail.1 mhn.1 mhparam.1 mhpath.1  \
 	msgchk.1 msh.1 next.1 packf.1 pick.1 prev.1 prompter.1 rcvstore.1 \
author	Kris Kennaway <kris@FreeBSD.org>	2000-03-04 06:52:42 +0000
committer	Kris Kennaway <kris@FreeBSD.org>	2000-03-04 06:52:42 +0000
commit	a522b54e25ae601d960fd992bc6e0c39850d9569 (patch)
tree	b140427a5cdc2a265d75ab61f35679788c2ba27a /mail/mh
parent	- Fix MASTER_SITES (diff)