From owner-freebsd-security Tue Jun 4 10:51:19 2002 Delivered-To: freebsd-security@freebsd.org Received: from horsey.gshapiro.net (horsey.gshapiro.net [209.220.147.178]) by hub.freebsd.org (Postfix) with ESMTP id 8051237B415 for ; Tue, 4 Jun 2002 10:51:05 -0700 (PDT) Received: from horsey.gshapiro.net (gshapiro@localhost [IPv6:::1]) by horsey.gshapiro.net (8.12.4/8.12.4) with ESMTP id g54Hp5Hg063758 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Tue, 4 Jun 2002 10:51:05 -0700 (PDT) Received: (from gshapiro@localhost) by horsey.gshapiro.net (8.12.4/8.12.4/Submit) id g54Hp4Xn063755; Tue, 4 Jun 2002 10:51:04 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15612.65032.569720.821128@horsey.gshapiro.net> Date: Tue, 4 Jun 2002 10:51:04 -0700 From: Gregory Neil Shapiro To: freebsd-security@FreeBSD.ORG Subject: Re: Security fixes in Sendmail 8.12.4 In-Reply-To: <15612.64901.18897.489322@horsey.gshapiro.net> References: <20020604195354.M27608@wu-wien.ac.at> <15612.64901.18897.489322@horsey.gshapiro.net> X-Mailer: VM 7.00 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org matuska> Will the Sendmail security fixes introduced in Sendmail 8.12.4 matuska> (file locking) be included in 4.6-RELEASE or in the coming bugfix matuska> branch RELENG_4_6 first? gshapiro> They already are via changes to /etc/mail/Makefile and gshapiro> installworld. I should note however that sendmail is one of many programs that can be DoS'ed via locking. I'd encourage the security officer to sweep through the tree looking for this type of problem. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message