1 files changed, 0 insertions, 96 deletions
diff --git a/share/security/advisories/FreeBSD-SA-01:17.exmh.asc b/share/security/advisories/FreeBSD-SA-01:17.exmh.asc
deleted file mode 100644
index 0a818b8f7a..0000000000
--- a/share/security/advisories/FreeBSD-SA-01:17.exmh.asc
+++ /dev/null
@@ -1,96 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-
-=============================================================================
-FreeBSD-SA-01:17                                           Security Advisory
-                                                                FreeBSD, Inc.
-
-Topic:          exmh symlink vulnerability
-
-Category:       ports
-Module:         exmh2
-Announced:      2001-01-29
-Credits:        Stanley G. Bubrouski <stan@CCS.NEU.EDU>
-Affects:        Ports collection prior to the correction date.
-Corrected:      2001-01-22
-Vendor status:  Updated version released
-FreeBSD only:   No
-
-I.   Background
-
-exmh is a tcl/tk based interface to the mh mail user agent.
-
-II.  Problem Description
-
-The exmh2 port, versions prior to 2.3.1, contains a local
-vulnerability: at startup, if exmh detects a problem in its code or
-configuration an error dialog appears giving the user an option to
-fill in a bug report and email it to the maintainer.  If the user
-agrees to mail the maintainer a file named /tmp/exmhErrorMsg is
-created.  If the file exists and is a symlink, it will follow the
-link, allowing local files writable by the user to be overwritten.
-
-The exmh2 port is not installed by default, nor is it "part of
-FreeBSD" as such: it is part of the FreeBSD ports collection, which
-contains over 4500 third-party applications in a ready-to-install
-format.  The ports collections shipped with FreeBSD 3.5.1 and 4.2
-contain this problem since it was discovered after the releases.
-
-FreeBSD makes no claim about the security of these third-party
-applications, although an effort is underway to provide a security
-audit of the most security-critical ports.
-
-III. Impact
-
-Malicious local users may cause arbitrary files writable by the user
-running exmh to be overwritten, in certain restricted situations.
-
-If you have not chosen to install the exmh2 port/package, then your
-system is not vulnerable to this problem.
-
-IV.  Workaround
-
-Deinstall the exmh2 port/package, if you have installed it.
-
-V.   Solution
-
-One of the following:
-
-1) Upgrade your entire ports collection and rebuild the exmh2 port.
-
-2) Deinstall the old package and install a new package dated after the
-correction date, obtained from:
-
-ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/exmh-2.3.1.tgz
-ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/exmh-2.3.1.tgz
-ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/exmh-2.3.1.tgz
-
-[alpha]
-Packages are not automatically generated for the alpha architecture at
-this time due to lack of build resources.
-
-3) download a new port skeleton for the exmh2 port from:
-
-http://www.freebsd.org/ports/
-
-and use it to rebuild the port.
-
-4) Use the portcheckout utility to automate option (3) above. The
-portcheckout port is available in /usr/ports/devel/portcheckout or the
-package can be obtained from:
-
-ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
-ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
-ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
-ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
-ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
-
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.0.4 (FreeBSD)
-Comment: For info see http://www.gnupg.org
-
-iQCVAwUBOnXiAVUuHi5z0oilAQFN1QP/Y8TNT5P86VCujRk704GXV9Lxw4W6+lgZ
-s6wmSPnm8BmO/MZo4RZ+snZToo9lZWEbgU490LU7sUjy8ehMiP6F2OpViuFT76ug
-INFou7NHIAmMre2iFzyy6pcsLttX0emc02qUiEPDCLXrgF0BvhbqC3myXsbUzrpJ
-srN7OD3Y8l4=
-=1966
------END PGP SIGNATURE-----