Date: Tue, 4 Mar 2003 08:20:26 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Giorgos Keramidas <keramida@FreeBSD.ORG>
Cc: Mike Loiterman <mike@ascendency.net>, freebsd-questions@FreeBSD.ORG
Subject: Re: Sendmail patch questions...
Message-ID: <20030304082026.GB6551@happy-idiot-talk.infracaninophi>
In-Reply-To: <20030304022249.GB681@gothmog.gr>
References: <002701c2e1df$95fc1f00$0301a8c0@mike> <20030304022249.GB681@gothmog.gr>

On Tue, Mar 04, 2003 at 04:22:49AM +0200, Giorgos Keramidas wrote:
> PS: You can always upgrade to RELENG_4. Gregory Neil Shapiro, the
> maintainer of Sendmail on FreeBSD, has already merged the latest
> Sendmail version (8.12.8) to the RELENG_4 branch.
Actually, according to what I can see in a quick trawl through cvsweb,
he's MFC'd sendmail patches on all RELENG_x and RELENG_x_y branches
back to and including RELENG_3:
http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/sendmail/src/?sortby=date&only_with_tag=RELENG_3
However, it seems that his modifications don't constitute a complete
upgrade to sendmail-8.12.8 except on RELENG_4 and HEAD. Hence the
confusion over the binary updates given in the original security
alert. Your sendmail binary will be immune to this attack if you've
built it out of a recently cvsup'd source tree or installed one of the
binary patches so that:

 -- you're running sendmail-8.12.8 or better

or

 -- the string 'Dropped invalid comments from header address'
    appears in the sendmail binary.

Thanks to Claus Assmann for pointing out the second test.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
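
The two tests from the message above, combined into one check, as an added shell example that is not part of the original e-mail or of the FreeBSD or Sendmail projects. The function names are hypothetical, the binary path is supplied by the caller, and it is assumed that `sendmail -d0.1 -bv root` prints a `Version x.y.z` line.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from the original message.
# Usage after sourcing: sendmail_patched /path/to/your/sendmail/binary
MARKER='Dropped invalid comments from header address'   # string quoted in the message
FIXED=8.12.8                                            # version named in the message

# version_at_least HAVE WANT: succeed if dotted version HAVE >= WANT.
# Fields compare numerically, so 8.12.10 > 8.12.8 and 8.9.3 < 8.12.8.
version_at_least() {
    awk -v have="$1" -v want="$2" 'BEGIN {
        n = split(have, h, "."); m = split(want, w, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            a = h[i] + 0; b = w[i] + 0      # a missing field counts as 0
            if (a != b) exit (a < b)        # exit status 1 means HAVE is older
        }
        exit 0
    }'
}

# sendmail_version BIN: print the version BIN reports about itself.
# Assumption: "-d0.1 -bv root" makes sendmail print a "Version x.y.z" line.
sendmail_version() {
    "$1" -d0.1 -bv root 2>/dev/null |
        sed -n 's/^Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# binary_has_marker BIN: succeed if the marker string occurs in the file.
binary_has_marker() {
    LC_ALL=C grep -qF -- "$MARKER" "$1"
}

# sendmail_patched BIN [VERSION]: apply both tests. VERSION overrides the
# self-reported version (useful when the binary cannot be executed).
sendmail_patched() {
    bin=$1
    ver=${2:-$(sendmail_version "$bin")}
    if [ -n "$ver" ] && version_at_least "$ver" "$FIXED"; then
        echo "$bin: ok, version $ver >= $FIXED"; return 0
    fi
    if binary_has_marker "$bin"; then
        echo "$bin: ok, marker string present (version ${ver:-unknown})"; return 0
    fi
    echo "$bin: NOT patched (version ${ver:-unknown}, marker string absent)"
    return 1
}
```

The marker test is what covers branches that received the fix without a full version upgrade, which a version comparison alone would report as unpatched.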
