On Tue, Mar 04, 2003 at 04:22:49AM +0200, Giorgos Keramidas wrote:

> PS: You can always upgrade to RELENG_4. Gregory Neil Shapiro, the
> maintainer of Sendmail on FreeBSD, has already merged the latest
> Sendmail version (8.12.8) to the RELENG_4 branch.

Actually, according to what I can see in a quick trawl through cvsweb,
he's MFC'd sendmail patches on all RELENG_x and RELENG_x_y branches back
to and including RELENG_3:

    http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/sendmail/src/?sortby=date&only_with_tag=RELENG_3

However, it seems that his modifications don't constitute a complete
upgrade to sendmail-8.12.8 except on RELENG_4 and HEAD. Hence the
confusion over the binary updates given in the original security alert.

Your sendmail binary will be immune to this attack if you've built it
out of a recently cvsup'd source tree or installed one of the binary
patches so that:

    -- you're running sendmail-8.12.8 or better

or

    -- the string 'Dropped invalid comments from header address'
       appears in the sendmail binary.

Thanks to Claus Assmann for pointing out the second test.

    Cheers,

    Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
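
The two tests given in the message above, written out as a script. This is an added example, not part of the original post or of FreeBSD/sendmail; the function names, result labels and the way the version is passed in are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: apply the two tests from the post to a sendmail binary.
MARKER='Dropped invalid comments from header address'  # string quoted in the post
FIXED='8.12.8'                                         # version named in the post

# num N: keep only the leading digits of a version component ("8p1" -> 8).
num() { n=${1%%[!0-9]*}; echo "${n:-0}"; }

# version_ge A B: succeed when dotted version A >= B (first three components).
# Numeric comparison matters here: as plain strings, "8.9.3" sorts after "8.12.8".
version_ge() {
    va=$1 vb=$2 i=1
    while [ "$i" -le 3 ]; do
        a=$(num "$(echo "$va.0.0" | cut -d. -f"$i")")
        b=$(num "$(echo "$vb.0.0" | cut -d. -f"$i")")
        [ "$a" -gt "$b" ] && return 0
        [ "$a" -lt "$b" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# check_sendmail BINARY [VERSION]: print which of the post's tests passed.
# VERSION is optional and supplied by the caller (assumption: for stock
# sendmail, `sendmail -d0.1 -bv root` prints "Version x.y.z" on its first line).
check_sendmail() {
    bin=$1 ver=${2:-}
    [ -r "$bin" ] || { echo "unreadable"; return 2; }
    # Test 1: running sendmail-8.12.8 or better.
    if [ -n "$ver" ] && version_ge "$ver" "$FIXED"; then
        echo "ok-version"; return 0
    fi
    # Test 2: the marker string is present in the binary (a patched older
    # release). -a reads the binary as text; -F matches the string literally.
    if LC_ALL=C grep -a -q -F -e "$MARKER" "$bin"; then
        echo "ok-marker"; return 0
    fi
    echo "needs-update"; return 1
}

# Run directly as: ./check.sh /path/to/sendmail [version]
if [ "$#" -gt 0 ]; then check_sendmail "$@"; fi
```

The marker test is the one that matters on branches that received the patch without a full upgrade, where the reported version alone would still read as older than 8.12.8.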