[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of sendmail?

Hi All,

2016-11-09 10:44 GMT+01:00 Andreas Beckmann <anbe@debian.org>:
> On 2016-10-31 23:17, Andreas Beckmann wrote:
>> Please go ahead - probably we could use the fix (that someone produces
>> for wheezy) for jessie and sid as well. Please put everything into git,
>> branch wheezy, the repo is in collab-maint.
> I have now a completely untested patch for this issue sitting in GIT
> master (can be cherry-picked into wheezy with only a changelog
> conflict). Any feedback and testing would be welcome.

The changes look good to me but I think this internal security
improvement does not warrant a security update for wheezy like it is
marked as no-dsa for jessie, too.

The vulnerability would allow privilege escalation from group smmsp to
root but there seems to be no known privilege escalation vulnerability
from a normal user to smmsp and normal users should not be part of
smmsp group:


Reply to: