Patch posted on BUGTRAQ & pine-info mailing lists which fixes the so-called "remote exploit in pine" bug. More info: http://www.washington.edu/pine/pine-info/1999.02/msg00056.html
*** ./pine/init.c.orig Tue Jan 26 11:57:56 1999
--- ./pine/init.c Tue Feb 9 19:23:06 1999
***************
*** 1791,1796 ****
--- 1791,1798 ----
F_QUELL_PARTIAL_FETCH, NO_HELP, PREF_NONE},
{"save-aggregates-copy-sequence",
F_AGG_SEQ_COPY, NO_HELP, PREF_NONE},
+ {"enable-mailcap-param-substitution",
+ F_DO_MAILCAP_PARAM_SUBST, NO_HELP, PREF_NONE},
{"termdef-takes-precedence",
F_TCAP_WINS, NO_HELP, PREF_NONE}
};
*** ./pine/mailcap.c.orig Wed Nov 18 10:00:15 1998
--- ./pine/mailcap.c Tue Feb 9 19:23:40 1999
***************
*** 739,745 ****
dprint(5, (debugfile, "- mc_passes_test -\n"));
if(mc->testcommand && *mc->testcommand)
! cmd = mc_bld_test_cmd(mc->testcommand, type, subtype, params);
if(!mc->testcommand || !cmd || !*cmd){
if(cmd)
--- 739,746 ----
dprint(5, (debugfile, "- mc_passes_test -\n"));
if(mc->testcommand && *mc->testcommand)
! if(!(cmd = mc_bld_test_cmd(mc->testcommand, type, subtype, params)))
! return(FALSE); /* couldn't be built */
if(!mc->testcommand || !cmd || !*cmd){
if(cmd)
***************
*** 794,800 ****
if(needsterm) *needsterm = mc->needsterminal;
! command = mc_cmd_bldr(mc->command, type, subtype, params, tmp_file);
dprint(5, (debugfile, "built command: %s\n", command));
--- 795,802 ----
if(needsterm) *needsterm = mc->needsterminal;
! if(!(command = mc_cmd_bldr(mc->command, type, subtype, params, tmp_file)))
!
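Review bot: The new `enable-mailcap-param-substitution` row in init.c is registered with `NO_HELP`, so a user who meets the feature in the configuration screen gets no explanation of why it is off by default. The mailcap.c part of this patch refuses `%{...}` expansion unless the feature is set, so turning it on restores the behaviour the patch exists to stop, and that trade-off should be stated where the choice is made. I would add a help entry for the feature and, until one exists, a comment on the table row such as `/* off by default: %{param} values presumably come from the message being viewed */`.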
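Review bot: The two changed lines in the mc_passes_test hunk nest an unbraced `if` inside another unbraced `if`, directly above a third `if` that tests `!mc->testcommand || !cmd || !*cmd`, so an `else` added later would bind to the inner test. Bracing the outer statement makes the fail-closed path explicit: `if(mc->testcommand && *mc->testcommand){ if(!(cmd = mc_bld_test_cmd(mc->testcommand, type, subtype, params))) return(FALSE); }`. Returning FALSE when the test command cannot be built is the right default; a comment noting that a refused `%{...}` substitution presumably ends up here would help the next reader. mc_passes_test starts and ends outside the hunk.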
command = cpystr("");
dprint(5, (debugfile, "built command: %s\n", command));
***************
*** 871,876 ****
--- 873,884 ----
break;
case '{': /* insert requested MIME param */
+ if(F_OFF(F_DO_MAILCAP_PARAM_SUBST, ps_global)){
+ dprint(2,
+ (debugfile, "mc_cmd_bldr: param subs %s\n", from));
+ return(NULL);
+ }
+
s = strindex(from, '}');
if(!s){
q_status_message1(SM_ORDER, 0, 4,
***************
*** 956,962 ****
sprintf(to, MC_ADD_TMP, tmp_file);
return(cpystr(tmp_20k_buf));
! }
/*
--- 964,970 ----
sprintf(to, MC_ADD_TMP, tmp_file);
return(cpystr(tmp_20k_buf));
! }
/*
*** ./pine/pine.h.orig Thu Jan 28 16:52:00 1999
--- ./pine/pine.h Tue Feb 9 19:23:21 1999
***************
*** 886,891 ****
--- 886,892 ----
F_SHOW_TEXTPLAIN_INT,
F_ROLE_CONFIRM_DEFAULT,
F_NO_FCC_ATTACH,
+ F_DO_MAILCAP_PARAM_SUBST,
#ifdef ENABLE_LDAP
F_ADD_LDAP_TO_ABOOK,
#endif
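Review bot: In the hunk at 795,802 a NULL from mc_cmd_bldr is replaced with `cpystr("")`, so a command that was refused or could not be built is handed back as an empty string rather than as a failure. mc_passes_test in the same patch returns FALSE in that situation; here the caller has to know that an empty string means "no viewer", and nothing visible in the hunk tells it or the user. If the function's contract allows it, propagating the failure would let the caller skip the launch; at minimum the substitution should carry a comment such as `/* empty command: build failed or %{} substitution disabled; caller must not run it */`. The enclosing function starts and ends outside the hunk, so how callers treat an empty command needs to be confirmed.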
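Review bot: With the feature off, the new `case '{'` guard returns NULL after logging only through `dprint(2, ...)`, so unless the debug file is being read the user sees an attachment viewer fail with no reason given. A status-line message in the style of the `q_status_message1(SM_ORDER, 0, 4, ...` call a few lines below would say that the mailcap entry needs parameter substitution and name the feature that controls it. Separately, the patch gates the substitution but the lines that perform it lie outside the hunk; if the expanded value reaches the shell command unquoted, anyone who enables the feature has the original exposure back, so quoting or rejecting values that contain shell metacharacters on the enabled path deserves a follow-up change. mc_cmd_bldr continues beyond the hunk.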