From owner-freebsd-security  Thu Aug 31 12:58:22 1995
Return-Path: security-owner
Received: (from majordom@localhost)
          by freefall.FreeBSD.org (8.6.11/8.6.6) id MAA19353
          for security-outgoing; Thu, 31 Aug 1995 12:58:22 -0700
Received: from haywire.DIALix.COM (haywire.DIALix.COM [192.203.228.65])
          by freefall.FreeBSD.org (8.6.11/8.6.6) with ESMTP id MAA19343
          for <freebsd-security@freebsd.org>; Thu, 31 Aug 1995 12:58:19 -0700
Received: (from news@localhost) by haywire.DIALix.COM (sendmail) id DAA10777 for freebsd-security@freebsd.org; Fri, 1 Sep 1995 03:58:14 +0800 (WST)
Received: from GATEWAY by haywire.DIALix.COM with netnews
	for freebsd-security@freebsd.org (problems to: usenet@haywire.dialix.com)
To: freebsd-security@freebsd.org
Date: 1 Sep 1995 03:58:10 +0800
From: peter@haywire.dialix.com (Peter Wemm)
Message-ID: <42548i$agm$1@haywire.DIALix.COM>
Organization: DIALix Services, Perth, Australia.
Subject: Eric Allman's syslog.c fixes
Sender: security-owner@freebsd.org
Precedence: bulk

Eric Allman is running a new syslog.c through the mill at the
moment. It'll be the one published in the RSN CERT advisory I presume.

It's thought to be bomproof on 4.4BSD systems (it uses vsnprintf), and
the only holdup is portability to other OS's.

I keep a pretty close eye on this area, as it's sendmail related.  Is
it worth bringing in the currently 'endorsed' version, and updating it
to the CERT version if there are any changes later?

-Peter