Hash: SHA1

On Tuesday, March 04, 2003 2:20 AM Matthew Seaman <mailto:[EMAIL PROTECTED]> wrote:

> On Tue, Mar 04, 2003 at 04:22:49AM +0200, Giorgos Keramidas wrote:
>> PS: You can always upgrade to RELENG_4.  Gregory Neil Shapiro, the
>> maintainer of Sendmail on FreeBSD, has already merged the latest
>> Sendmail version (8.12.8) to the RELENG_4 branch.
> Actually, according to what I can see in a quick trawl through cvsweb,
> he's MFC'd sendmail patches on all RELENG_x and RELENG_x_y branches
> back to and including RELENG_3:
> http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/sendmail/src/?sortby=date&only_with_tag=RELENG_3
> However, it seems that his modifications don't constitute a complete
> upgrade to sendmail-8.12.8 except on RELENG_4 and HEAD.  Hence the
> confusion over the binary updates given in the original security
> alert.  Your sendmail binary will be immune to this attack if you've
> built it out of a recently cvsup'd source tree or installed one of the
> binary patches so that:
>     -- you're running sendmail-8.12.8 or better
>     or
>     -- the string 'Dropped invalid comments from header address'
>        appears in the sendmail binary.
> Thanks to Claus Assmann for pointing out the second test.
>       Cheers,
>       Matthew

Thanks Matt.  Few questions though:

1.  What is `BP'?
2.  I appllied the patch and now I'm building world with my exsisting 4.4 sources.  Is 
this not `safe' as cvsuping and then buidling world?  I'm not sure I understand the 
implications of not cvsuping, especially since the patch has been applied to 8.11.6 in 
the 4.4 branch.

- -------------------------------------------
Randomly Generated Quote:
A free society is one where it's safe
to be unpopular. --Adlai E. Stevenson

Mike Loiterman
PGP Key 0xD1B9D18E

Version: PGP 8.0
Comment: This message has been digitally signed by Mike Loiterman


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Reply via email to