Versions of the popular pine e-mail reader prior to 4.40 contain a vulnerability in the way URLs in messages are handled. A malicious user could embed commands in a URL that will be executed on the affected machine when the embedded URL is launched. FreeBSD users can get more information and download pine updates from:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:05.pine.asc