Hi, > > I wonder whether a sendmail security patch (input validation > > error, BUGTRAQ ID: 3163) will be available soon? > > No: > 1) The version in unstable(sid) Beta19 isn't vulnerable > 2) The version in testing (held back by ia64) is vulnerable, > but *ONLY* if run suid root, which isn't the case unless > the administrator changes things. > 3) The version in slink, base potato isn't vulnerable
thank you very for pointing me to this information! Wouldn't it make sense to make this information available in a security advisory? Just to say: we are not affected? All major distributions have issued patches yet. The recent sendmail vulnerabilty has drawn much attention on it. I think that it is reasonable in such a situation to issue a security advisory that points to the relevant information and gives us system administrators a good feeling. Cheers, Thomas
