From owner-freebsd-security  Mon Sep 24 14: 9:44 2001
Delivered-To: freebsd-security@freebsd.org
Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66])
	by hub.freebsd.org (Postfix) with ESMTP id 9A70337B40C
	for <security@FreeBSD.ORG>; Mon, 24 Sep 2001 14:09:41 -0700 (PDT)
Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131])
	by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id PAA27491;
	Mon, 24 Sep 2001 15:09:39 -0600 (MDT)
	(envelope-from nate@nomad.yogotech.com)
Received: (from nate@localhost)
	by nomad.yogotech.com (8.8.8/8.8.8) id PAA27177;
	Mon, 24 Sep 2001 15:09:39 -0600 (MDT)
	(envelope-from nate)
From: Nate Williams <nate@yogotech.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15279.41235.75925.318173@nomad.yogotech.com>
Date: Mon, 24 Sep 2001 15:09:39 -0600
To: Kris Kennaway <kris@obsecurity.org>
Cc: Nate Williams <nate@yogotech.com>, security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-01:60.procmail
In-Reply-To: <20010924140632.A62096@xor.obsecurity.org>
References: <200109242049.f8OKnVr62118@freefall.freebsd.org>
	<15279.40183.345811.603978@nomad.yogotech.com>
	<20010924140632.A62096@xor.obsecurity.org>
X-Mailer: VM 6.95 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid
Reply-To: nate@yogotech.com (Nate Williams)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> > > =============================================================================
> > > FreeBSD-SA-01:60                                           Security Advisory
> > >                                                                 FreeBSD, Inc.
> > > 
> > > Topic:          Multiple vulnerabilities in procmail signal handling
> > > V.   Solution
> > > 
> > > The port procmail-3.20 and later versions include fixes for these
> > > vulnerabilities.
> > 
> > I'm guessing this is supposed to be procmail-3.21 and later?
> 
> No, it's meant to be 3.20 and later.

Ahh, I read the vulnerability wrong.  It says

     procmail versions prior to procmail 3.20 performed unsafe actions
     while in the signal handlers.

I didn't parse 'prior to procmail 3.20' very well.

I'm sorry, my bad, ....



Nate

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message