Sendmail vulnerability

Mike Tancsa mike at sentex.net
Wed Sep 17 10:43:18 PDT 2003


Looks like they have released http://www.sendmail.org/8.12.10.html

Are their plans to import/mfc this into stable ?  No doubt a busy day for 
the Sendmail folk as well :-(

         ---Mike

At 12:21 PM 17/09/2003, Jacques A. Vidrine wrote:
>You've probably already seen the latest sendmail vulnerability.
>
>http://lists.netsys.com/pipermail/full-disclosure/2003-September/010287.html
>
>I believe you can apply the following patch to any of the security
>branches:
>
>http://cvsweb.freebsd.org/src/contrib/sendmail/src/parseaddr.c.diff?r1=1.1.1.17&r2=1.1.1.18
>
>Download the patch and:
>
>   # cd /usr/src
>   # patch -p1 < /path/to/patch
>   # cd /usr/src/usr.sbin/sendmail
>   # make obj && make depend && make && make install
>
>
>Official advisory will go out later today.
>
>Cheers,
>--
>Jacques Vidrine   . NTT/Verio SME      . FreeBSD UNIX       . Heimdal
>nectar at celabo.org . jvidrine at verio.net . nectar at freebsd.org . nectar at kth.se
>_______________________________________________
>freebsd-security at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-security
>To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"



More information about the freebsd-security mailing list