Searched for this in Bugzilla but didn't find it. The above URL has a
SecurityFocus (BugTraq) report on a security hole found with pine 4.10 -- a
remote user can send URLs to a pine user that can cause code to be
Apparently the bug is fixed in 4.21 -- when will the RedHat RPM be updated?
*** This bug has been marked as a duplicate of 3782 ***