Date: Thu, 18 Sep 2003 16:17:07 +1200 (NZST) From: Andrew McNaughton <andrew@scoop.co.nz> To: freebsd-security@freebsd.org Subject: Re: Sendmail vulnerability Message-ID: <20030918161314.J29876@a2.scoop.co.nz> In-Reply-To: <6.0.0.22.0.20030917134441.08ac86a8@209.112.4.2> References: <20030917162118.GB4838@madman.celabo.org> <6.0.0.22.0.20030917134441.08ac86a8@209.112.4.2>
next in thread | previous in thread | raw e-mail | index | archive | help
I've been using sendmail from ports for some time. I just upgraded to sendmail 8.12.10 by changing the version number in the makefile, then doing `make makesum build deinstall reinstall`. Everything built cleanly, started up ok, accepted a delivery and generally looks oK so far an outgoiand looks ok so far. Andrew On Wed, 17 Sep 2003, Mike Tancsa wrote: > Date: Wed, 17 Sep 2003 13:46:14 -0400 > From: Mike Tancsa <mike@sentex.net> > To: Jacques A. Vidrine <nectar@freebsd.org>, freebsd-security@freebsd.org > Cc: gshapiro@freebsd.org > Subject: Re: Sendmail vulnerability > > > Looks like they have released http://www.sendmail.org/8.12.10.html > > Are their plans to import/mfc this into stable ? No doubt a busy day for > the Sendmail folk as well :-( > > ---Mike > > At 12:21 PM 17/09/2003, Jacques A. Vidrine wrote: > >You've probably already seen the latest sendmail vulnerability. > > > >http://lists.netsys.com/pipermail/full-disclosure/2003-September/010287.html > > > >I believe you can apply the following patch to any of the security > >branches: > > > >http://cvsweb.freebsd.org/src/contrib/sendmail/src/parseaddr.c.diff?r1=1.1.1.17&r2=1.1.1.18 > > > >Download the patch and: > > > > # cd /usr/src > > # patch -p1 < /path/to/patch > > # cd /usr/src/usr.sbin/sendmail > > # make obj && make depend && make && make install > > > > > >Official advisory will go out later today. > > > >Cheers, > >-- > >Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal > >nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se > >_______________________________________________ > >freebsd-security@freebsd.org mailing list > >http://lists.freebsd.org/mailman/listinfo/freebsd-security > >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > -- No added Sugar. Not tested on animals. May contain traces of Nuts. If irritation occurs, discontinue use. ------------------------------------------------------------------- Andrew McNaughton Currently in Boomer Bay, Tasmania andrew@scoop.co.nz Mobile: +61 422 753 792 http://staff.scoop.co.nz/andrew/cv.doc
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030918161314.J29876>