Re: Wheezy update of sendmail?
2016-11-09 10:44 GMT+01:00 Andreas Beckmann <firstname.lastname@example.org>:
> On 2016-10-31 23:17, Andreas Beckmann wrote:
>> Please go ahead - probably we could use the fix (that someone produces
>> for wheezy) for jessie and sid as well. Please put everything into git,
>> branch wheezy, the repo is in collab-maint.
> I now have a completely untested patch for this issue sitting in GIT
> master (can be cherry-picked into wheezy with only a changelog
> conflict). Any feedback and testing would be welcome.
The changes look good to me, but I think this internal security
improvement does not warrant a security update for wheezy, just as it is
marked as no-dsa for jessie, too.
The vulnerability would allow privilege escalation from group smmsp to
root, but there seems to be no known privilege escalation vulnerability
from a normal user to smmsp, and normal users should not be part of