Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information.Referenceshttp://www.iss.net/security_center/static/9297.phphttp://online.securityfocus.com/archive/1/276029http://www.securityfocus.com/bid/4963
