Re: /usr/bin/Mail buffer 0verfl0w

2001-03-05 Thread Marcus Meissner

On Fri, Mar 02, 2001 at 08:08:15PM -0800, Blue Boar wrote:
> I noticed Caldera released a patch for mail today on Bugtraq.
>
> "This security fix closes Caldera's internal Problem Report 9327."
> http://www.securityfocus.com/archive/1/166232
>
> Quite the coincidence.

There is none actually. We reacted to the bug he reported.

Our solution was just to drop the setgid mail bit, which we have been
shipping /bin/mail with.

> Here's the vuln-dev thread:
>
> http://securityfocus.com/templates/archive.pike?fromthread=1list=82threads=1mid=165918end=2001-03-03start=2001-02-25;
>
> Seems that perhaps SosPiro should have been mentioned.  I realize that
> vuln-dev doesn't exactly give vendors advanced notice due to the
> way it works, but still...

I am sorry we missed giving credit this time.

Ciao, Marcus
--
  _ ___
 /  __//  /Caldera (Deutschland) GmbH
/  /_/ __  / /__  Naegelsbachstr. 49c, 91052 Erlangen
   /_//_/ //   Dipl. Inf. Marcus Meissner, email: [EMAIL PROTECTED]
   /_/ ==phone: ++49 9131 7912-300, fax: ++49 9131 7192-399
   Caldera OpenLinux



Re: /usr/bin/Mail buffer 0verfl0w

2001-03-04 Thread Blue Boar

I noticed Caldera released a patch for mail today on Bugtraq.

"This security fix closes Caldera's internal Problem Report 9327."
http://www.securityfocus.com/archive/1/166232

Quite the coincidence.

Here's the vuln-dev thread:

http://securityfocus.com/templates/archive.pike?fromthread=1list=82threads=1mid=165918end=2001-03-03start=2001-02-25;

Seems that perhaps SosPiro should have been mentioned.  I realize that
vuln-dev doesn't exactly give vendors advanced notice due to the
way it works, but still...

BB