[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sendmail patches in work?


> > I wonder whether a sendmail security patch (input validation
> > error, BUGTRAQ ID: 3163) will be available soon?
> No:
> 	1) The version in unstable(sid) Beta19 isn't vulnerable
> 	2) The version in testing (held back by ia64) is vulnerable,
> 	   but *ONLY* if run suid root, which isn't the case unless
> 	   the administrator changes things.
> 	3) The version in slink, base potato isn't vulnerable

thank you very for pointing me to this information!

Wouldn't it make sense to make this information available in
a security advisory? Just to say: we are not affected?
All major distributions have issued patches yet. The
recent sendmail vulnerabilty has drawn much attention on it.
I think that it is reasonable in such a situation to
issue a security advisory that points to the relevant
information and gives us system administrators a good

Cheers, Thomas

Reply to: