On Tue, Mar 04, 2003 at 04:22:49AM +0200, Giorgos Keramidas wrote:

> PS: You can always upgrade to RELENG_4.  Gregory Neil Shapiro, the
> maintainer of Sendmail on FreeBSD, has already merged the latest
> Sendmail version (8.12.8) to the RELENG_4 branch.

Actually, according to what I can see in a quick trawl through cvsweb,
he's MFC'd sendmail patches on all RELENG_x and RELENG_x_y branches
back to and including RELENG_3:

    
http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/sendmail/src/?sortby=date&only_with_tag=RELENG_3

However, it seems that his modifications don't constitute a complete
upgrade to sendmail-8.12.8 except on RELENG_4 and HEAD.  Hence the
confusion over the binary updates given in the original security
alert.  Your sendmail binary will be immune to this attack if you've
built it out of a recently cvsup'd source tree or installed one of the
binary patches so that:

    -- you're running sendmail-8.12.8 or better

    or

    -- the string 'Dropped invalid comments from header address'
       appears in the sendmail binary.

Thanks to Claus Assmann for pointing out the second test.

        Cheers,

        Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
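
The two tests listed in the message above, as an added shell example that is not part of the original post. The function names are hypothetical, "8.12.8 or better" is read as a dotted numeric comparison, and the version string is supplied by the caller (for instance as reported by `sendmail -d0.1 -bt < /dev/null`, an assumption about how you read it).

```shell
#!/bin/sh
# Added example, not from the original message: the two tests it lists.
# Function names are hypothetical.

MARKER='Dropped invalid comments from header address'

# Print the leading digits of one version component ("8p1" -> 8, "" -> 0).
lead_digits() {
    d=$(printf '%s' "$1" | sed 's/[^0-9].*//')
    printf '%s' "${d:-0}"
}

# version_ok VERSION: succeed if VERSION is 8.12.8 or later.
version_ok() {
    set -- $(printf '%s' "$1" | tr '.' ' ')   # split on dots
    maj=$(lead_digits "${1:-}")
    min=$(lead_digits "${2:-}")
    pat=$(lead_digits "${3:-}")
    [ "$maj" -gt 8 ] && return 0
    [ "$maj" -lt 8 ] && return 1
    [ "$min" -gt 12 ] && return 0
    [ "$min" -lt 12 ] && return 1
    [ "$pat" -ge 8 ]
}

# has_marker BINARY: succeed if the patch's log string is in the file.
# grep -a treats the binary as text; -F matches the string literally.
has_marker() {
    LC_ALL=C grep -a -F -q -- "$MARKER" "$1"
}

# sendmail_patched BINARY VERSION: succeed if either test passes.
sendmail_patched() {
    version_ok "$2" || has_marker "$1"
}

# Usage: sh check.sh /path/to/sendmail 8.11.6
if [ "$#" -eq 2 ]; then
    if sendmail_patched "$1" "$2"; then
        echo "passes one of the two tests"
    else
        echo "fails both tests"
    fi
fi
```

The string test matters on branches where the version number stayed below 8.12.8 but the fix was merged, which is the case the message describes.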
