Date: Fri, 15 Jan 2010 16:50:32 -0700 From: Phil Oleson <oz@nixil.net> To: freebsd-security@freebsd.org Subject: sendmail 8.14.4 Message-ID: <4B50FF48.2070801@nixil.net>
next in thread | raw e-mail | index | archive | help
I'm seeing this in the release notes for the latest release of sendmail, plus a customers
PCI scan is reporting this as a problem. I know many of these scans tend to do version
string checks and don't actually check if the problem is possible to exploit, but I just
wanted your thoughts on if this is something the security team feels it needs to deal with
or not?
-Phil.
8.14.4/8.14.4 2009/12/30
SECURITY: Handle bogus certificates containing NUL characters
in CNs by placing a string indicating a bad certificate
in the {cn_subject} or {cn_issuer} macro. Patch inspired
by Matthias Andree's changes for fetchmail.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B50FF48.2070801>