In case you did not see this.
Subject: Pine 4.44 now available
This note is to announce the availability of the Pine Message System
version 4.44. The purpose of this release is to fix a security
bug with the treatment of quotes in the URL-handling code. The bug
allows a malicious sender to embed commands in a URL. This bug is
present in all versions of UNIX Pine. There is no vulnerability from
this bug in PC-Pine.
The release notes are available from within Pine ("R" command off the
Main Menu) and via
http://www.washington.edu/pine/changes.html
and
ftp://ftp.cac.washington.edu/pine/docs/
Source for the latest Pine release is available in:
ftp://ftp.cac.washington.edu/pine/pine.tar.Z
and
ftp://ftp.cac.washington.edu/pine/pine.tar.gz
Precompiled binaries for the various systems we have direct access to
are available in:
ftp://ftp.cac.washington.edu/pine/unix-bin
and
ftp://ftp.cac.washington.edu/pine/unix-bin-compressed
The corresponding PC-Pine distribution is available in:
ftp://ftp.cac.washington.edu/pine/pcpine/pm444w32.zip
As with all Pine releases, it is important that you carefully test and
determine for yourself that it performs suitably in your environment
before placing Pine into production use.
The Pine Development Team
--
