Debian Security Advisory: New version of nmh released

Date: Mon, 28 Feb 2000 18:38:04 +0100
From: Wichert Akkerman wichert@soil.nl
To: debian-security-announce@lists.debian.org
Subject: [SECURITY] New version of nmh released

The version of nmh that was distributed in Debian GNU/Linux 2.1 (aka slink) did not check incoming mail messages properly. This could be exploited by using carefully designed MIME headers to trick mhshow into executing arbitrary shell code.

This has been fixed in version 0.27-0.28-pre8-4. We recommend you upgrade your nmh package immediately.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

Debian GNU/Linux 2.1 alias slink

Source archives:
http://security.debian.org/dists/stable/updates/source/nmh_0.27-0.28-pre8-4.diff.gz
MD5 checksum: e067ed67134efa5f3e0e2ed8ff70ebb3
http://security.debian.org/dists/stable/updates/source/nmh_0.27-0.28-pre8-4.dsc
MD5 checksum: 311c7fa22aa6ff3e0911f363d83f1260
http://security.debian.org/dists/stable/updates/source/nmh_0.27-0.28-pre8.orig.tar.gz
MD5 checksum: cb8af772beccf3432184ffe71cd9f39c

Alpha architecture:
http://security.debian.org/dists/stable/updates/binary-alpha/nmh_0.27-0.28-pre8-4_alpha.deb
MD5 checksum: d3fdfb597a3c6be024481a8d17ae8882

Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/binary-i386/nmh_0.27-0.28-pre8-4_i386.deb
MD5 checksum: a5e06258dfdfc38069597047acdc7c5f

Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/binary-m68k/nmh_0.27-0.28-pre8-4_m68k.deb
MD5 checksum: d6c522f5cbf32a266a593d66570b9be0

Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/binary-sparc/nmh_0.27-0.28-pre8-4_sparc.deb
MD5 checksum: 6a912720d4a206ae39f9408a57e448bc

These files will be moved into
ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.

For not yet released architectures please refer to the appropriate directory
ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .