[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2003.016-sendmail.txt

[Ralf S. Engelschall]

  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-web                      Date:   04-Mar-2003 16:07:00
  Branch: HEAD                             Handle: 2003030415070000

  Modified files:
    openpkg-web/security    OpenPKG-SA-2003.016-sendmail.txt

  Log:
    bugfix and cleanup

  Summary:
    Revision    Changes     Path
    1.2         +9  -9      openpkg-web/security/OpenPKG-SA-2003.016-sendmail.txt
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-web/security/OpenPKG-SA-2003.016-sendmail.txt
  ============================================================================
  $ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2003.016-sendmail.txt
  --- openpkg-web/security/OpenPKG-SA-2003.016-sendmail.txt     4 Mar 2003 13:06:11 
-0000       1.1
  +++ openpkg-web/security/OpenPKG-SA-2003.016-sendmail.txt     4 Mar 2003 15:07:00 
-0000       1.2
  @@ -12,18 +12,18 @@
   
   Affected Releases:   Affected Packages:          Corrected Packages:
   OpenPKG CURRENT      <= sendmail-8.12.7-20030205 >= sendmail-8.12.8-20030304
  -OpenPKG 1.2          <= sendmail-8.12.7-1.2.0    >= sendmail-8.12.4-1.2.1
  +OpenPKG 1.2          <= sendmail-8.12.7-1.2.0    >= sendmail-8.12.7-1.2.1
   OpenPKG 1.1          none                        N.A.
   
   Dependent Packages:  none
   
   Description:
  -  According to a ISS X-Force [0], a buffer overflow vulnerability
  -  exists in all sendmail versions from 5.79 to 8.12.7 [1]. Attackers
  -  may remotely exploit this vulnerability to gain "root" or superuser
  -  control of any vulnerable Sendmail server. The Common Vulnerabilities
  -  and Exposures (CVE) project assigned the id CAN-2002-1337 [2] to the
  -  problem.
  +  According to an ISS X-Force advisory [1], a buffer overflow
  +  vulnerability exists in all versions from 5.79 to 8.12.7 of the
  +  Sendmail MTA [0]. Attackers may remotely exploit this vulnerability to
  +  gain "root" or superuser control of any vulnerable Sendmail server.
  +  The Common Vulnerabilities and Exposures (CVE) project assigned the id
  +  CAN-2002-1337 [2] to the problem.
   
     Please check whether you are affected by running "<prefix>/bin/rpm
     -q sendmail". If you have the "sendmail" package installed and its
  @@ -52,8 +52,8 @@
   ________________________________________________________________________
   
   References:
  -  [0] http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
  -  [1] http://www.sendmail.org/
  +  [0] http://www.sendmail.org/
  +  [1] http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
     [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1337
     [3] http://www.openpkg.org/tutorial.html#regular-source
     [4] http://www.openpkg.org/tutorial.html#regular-binary
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]