Date: Mon, 24 Sep 2001 15:09:39 -0600 From: Nate Williams <nate@yogotech.com> To: Kris Kennaway <kris@obsecurity.org> Cc: Nate Williams <nate@yogotech.com>, security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-01:60.procmail Message-ID: <15279.41235.75925.318173@nomad.yogotech.com> In-Reply-To: <20010924140632.A62096@xor.obsecurity.org> References: <200109242049.f8OKnVr62118@freefall.freebsd.org> <15279.40183.345811.603978@nomad.yogotech.com> <20010924140632.A62096@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > =============================================================================
> > > FreeBSD-SA-01:60 Security Advisory
> > > FreeBSD, Inc.
> > >
> > > Topic: Multiple vulnerabilities in procmail signal handling
> > > V. Solution
> > >
> > > The port procmail-3.20 and later versions include fixes for these
> > > vulnerabilities.
> >
> > I'm guessing this is supposed to be procmail-3.21 and later?
>
> No, it's meant to be 3.20 and later.
Ahh, I read the vulnerability wrong. It says
procmail versions prior to procmail 3.20 performed unsafe actions
while in the signal handlers.
I didn't parse 'prior to procmail 3.20' very well.
I'm sorry, my bad, ....
Nate
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15279.41235.75925.318173>