From owner-freebsd-security  Wed Dec  4 10:21:29 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id KAA14266
          for security-outgoing; Wed, 4 Dec 1996 10:21:29 -0800 (PST)
Received: from rocky.mt.sri.com (rocky.mt.sri.com [206.127.76.100])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA14261
          for <freebsd-security@freebsd.org>; Wed, 4 Dec 1996 10:21:27 -0800 (PST)
Received: (from nate@localhost) by rocky.mt.sri.com (8.7.5/8.7.3) id LAA10958; Wed, 4 Dec 1996 11:21:23 -0700 (MST)
Date: Wed, 4 Dec 1996 11:21:23 -0700 (MST)
Message-Id: <199612041821.LAA10958@rocky.mt.sri.com>
From: Nate Williams <nate@mt.sri.com>
To: "Aaron D. Gifford" <agifford@infowest.com>
Cc: freebsd-security@freebsd.org
Subject: Re: Sendmail 8.8.4 questions...
In-Reply-To: <3.0.32.19961120105316.0074d25c@infowest.com>
References: <3.0.32.19961120105316.0074d25c@infowest.com>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Looking at www.sendmail.org I see that sendmail 8.8.4 has been
> released.

Peter incorporated it into -current the day it was released, and Poul
merged almost all of it into 2.2 about 4 hours later.  (He missed a
non-important change in makemap).


> >From that page I read, "Sendmail 8.8.4 fixes the security problem described
> in CERT Advisory CA-96.24."  Now wasn't that fixed in 8.8.3?  If so, is
> 8.8.4 just a minor bug release with no real security fixes over 8.8.3?
> Does anyone even know?

It fixes a security bug with .forward and alias::include file handling.


Nate