On Fri, Jan 11, 2002 at 05:56:07PM +0100, Thomas Roessler wrote:
> This was a duplicate message apparently inserted at trymedia.com.
> It's certainly not the version of the message I sent out.
Looks like someone re-injected. Next time I'll check more carefully.
Sorry (also can't find any tryme
D; Fri, 11 Jan 2002 01:54:49 -0800 (PST)
>From: Thomas Roessler <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
> [EMAIL PROTECTED]
>Subject: [Announce] SECURITY: mutt-1.2.5.1 and mutt-1.3.25 released.
>Message-Id: <[EMAIL PROTECTED]>
>
Jeremy, et al --
...and then Jeremy Blosser said...
%
% On Jan 11, David T-G [[EMAIL PROTECTED]] wrote:
% >
% > Didn't we see these come out already? Is this somehow different from the
% > Jan 01 message <[EMAIL PROTECTED]> (which
% > was PGP-MIME signed, I noted, while this one isn't)? It's
On Jan 11, David T-G [[EMAIL PROTECTED]] wrote:
> ...and then Thomas Roessler said...
> %
> % Date: Fri, 11 Jan 2002 01:54:49 -0800 (PST)
> %
> ...
> % mutt-1.2.5.1 and mutt-1.3.25 have just been released.
>
> Didn't we see these come out already? Is this somehow different from the
> Jan 01 me
On Fri, Jan 11, 2002 at 08:32:24AM -0500, David T-G wrote:
> % mutt-1.2.5.1 and mutt-1.3.25 have just been released.
> Didn't we see these come out already? Is this somehow different from the
> Jan 01 message <[EMAIL PROTECTED]> (which
> was PGP-MIME signed, I noted, while this one isn't)? It's
Hi, all --
...and then Thomas Roessler said...
%
% Date: Fri, 11 Jan 2002 01:54:49 -0800 (PST)
%
...
% mutt-1.2.5.1 and mutt-1.3.25 have just been released.
Didn't we see these come out already? Is this somehow different from the
Jan 01 message <[EMAIL PROTECTED]> (which
was PGP-MIME signed,
--zhXaljGHf11kAtnf
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
mutt-1.2.5.1 and mutt-1.3.25 have just been released.
These releases both fix a security hole which can be remotely
exploited. The problem was foun
On Fri, Jan 04, 2002 at 02:34:00PM +0100, Kai Blin wrote:
> This means you can send an email with the header line hacked and execute
> code that's run with the rights of the mutt user.
In this particular case it would be difficult to exploit because the
attacker only has the option of writing one
* Russell Hoover <[EMAIL PROTECTED]> [03/01/02, 22:46:12]:
> On Tue 01/01/02 at 09:40 PM +0100, Thomas Roessler
> <[EMAIL PROTECTED]> wrote:
>
> > mutt-1.2.5.1 and mutt-1.3.25 have just been released.
> > These releases both fix a security hole which can be remotely
> > exploited.
On Tue 01/01/02 at 09:40 PM +0100, Thomas Roessler
<[EMAIL PROTECTED]> wrote:
> mutt-1.2.5.1 and mutt-1.3.25 have just been released.
> These releases both fix a security hole which can be remotely
> exploited. ^
^^
I'm not sure what tha
Alas! Will Yardley spake thus:
> this time, a search for 'mutt' in distribution 'any' and section 'any'
> brought up the desired results.
That's exactly what I searched for. In fact, that url you posted looks
exactly like the one I posted...
--
Rob 'Feztaa' Park
[EMAIL PROTECTED]
--
"A nymphoma
Rob 'Feztaa' Park wrote:
> Alas! Justin R. Miller spake thus:
> > > It doesn't seem as though 1.3.25 is released in any of the Debian
> > > releases.
> >
> > http://packages.debian.org/unstable/non-us/mutt.html
> >
> > That, and I'm running it! ;-)
>
> Good thing it didn't show up in the searc
Alas! Justin R. Miller spake thus:
> > It doesn't seem as though 1.3.25 is released in any of the Debian
> > releases.
>
> http://packages.debian.org/unstable/non-us/mutt.html
>
> That, and I'm running it! ;-)
Good thing it didn't show up in the search, I might have found it!
--
Rob 'Feztaa'
Thus spake Rob 'Feztaa' Park ([EMAIL PROTECTED]):
> It doesn't seem as though 1.3.25 is released in any of the Debian
> releases.
http://packages.debian.org/unstable/non-us/mutt.html
That, and I'm running it! ;-)
--
Justin R. Miller <[EMAIL PROTECTED]>
View my website at http://codesorcery.ne
Alas! Rob 'Feztaa' Park spake thus:
> It doesn't seem as though 1.3.25 is released in any of the Debian
> releases.
Ah, nevermind. I just compiled it...
--
Rob 'Feztaa' Park
[EMAIL PROTECTED]
--
"Just because the hole is rectangular doesn't mean you can push
squares through it."
Alas! Will Yardley spake thus:
> just download the unstable package from debian's site and dpkg -i it
http://packages.debian.org/cgi-bin/search_packages.pl?keywords=mutt&searchon=names&subword=1&version=all&release=all
It doesn't seem as though 1.3.25 is released in any of the Debian
releases.
Thus spake Will Yardley ([EMAIL PROTECTED]):
> well you could remove the line when done / run another apt-get
> update or just download the unstable package from debian's site
> and dpkg -i it
Yes, I should have mentioned that the sources.list addition was a
temporary one. You may also inv
Aaron Schrab wrote:
> At 09:03 -0500 03 Jan 2002, "Justin R. Miller" <[EMAIL PROTECTED]> wrote:
> > Add a sid line to your sources list, then 'apt-get update; apt-get
> > install mutt/unstable' should do it. I don't think the deps are
>
> If you just add a line for unstable (sid) to the sources
At 09:03 -0500 03 Jan 2002, "Justin R. Miller" <[EMAIL PROTECTED]> wrote:
> Add a sid line to your sources list, then 'apt-get update; apt-get
> install mutt/unstable' should do it. I don't think the deps are
If you just add a line for unstable (sid) to the sources.list you're
likely to get a lo
Alas! David T-G spake thus:
> % > http://www.debian.org/security/2002/dsa-096
> %
> % Still waiting for the woody package :-\
>
> Hey, you can compile stuff now; go and get 1.3.25 and built it yourself.
Sorry, too busy building my LFS system. I don't want to have to worry
about recompiling mutt
Thus spake Rob 'Feztaa' Park ([EMAIL PROTECTED]):
> Still waiting for the woody package :-\
Add a sid line to your sources list, then 'apt-get update; apt-get
install mutt/unstable' should do it. I don't think the deps are
unusual.
--
Justin R. Miller <[EMAIL PROTECTED]>
View my website at
Rob --
...and then Feztaa said...
%
% Alas! Ben Reser spake thus:
% > > May we be told the nature (if not the details) of the vulnerability?
% >
% > http://www.debian.org/security/2002/dsa-096
%
% Still waiting for the woody package :-\
Hey, you can compile stuff now; go and get 1.3.25 and bu
Alas! Ben Reser spake thus:
> > May we be told the nature (if not the details) of the vulnerability?
>
> http://www.debian.org/security/2002/dsa-096
Still waiting for the woody package :-\
--
Rob 'Feztaa' Park
[EMAIL PROTECTED]
--
"A verbal contract isn't worth the paper it's written on."
On Wed, Jan 02, 2002 at 04:51:16PM -0500, Russell Hoover wrote:
> May we be told the nature (if not the details) of the vulnerability?
http://www.debian.org/security/2002/dsa-096
--
Ben Reser <[EMAIL PROTECTED]>
http://ben.reser.org
"I wish it need not have happened in my time," said Frodo.
"S
On Tue 01/01/02 at 09:40 PM +0100, Thomas Roessler
<[EMAIL PROTECTED]> wrote:
> mutt-1.2.5.1 and mutt-1.3.25 have just been released.
> These releases both fix a security hole which can be remotely
> exploited.
May we be told the nature (if not the details) of the vulnerability?
--
mutt-1.2.5.1 and mutt-1.3.25 have just been released.
These releases both fix a security hole which can be remotely
exploited. The problem was found and a fix suggested by Joost Pol
<[EMAIL PROTECTED]>. Thanks for that.
mutt-1.2.5.1 is released as an update to the last stable version of
mutt, m
26 matches
Mail list logo
