On Fri, 1 Jun 2001, Kenneth E. Lussier wrote:
> And your point would be what, exactly? A vulnerability was discovered
> and less than a week later there is a solution to it? I have to say
> that this does reaffirm my faith in sendmail. It's better than Qmail's
> response time (bugtraq id#1809 shows that it took from 10/16 until
> 11/10 to fix a remote password retrieval vulnerability).
You either did not read the above bugtraq report or ignored what it said.
It was not a bug in qmail, but rather a 3rd-party add on for it.
About the worst problem it could cause, anyway, is for your machine to be
used as an open relay.
As far as the other five bugtraq entries for qmail, I can help you read
those also, if you need assistance.
I'll take nearly three years without a confirmed security hole over dozens
of holes that are fixed in a week, and day.
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
