Re: Sendmail patches in work?

To: debian-security@lists.debian.org
Subject: Re: Sendmail patches in work?
From: "Thomas Gebhardt" <gebhardt@HRZ.Uni-Marburg.DE>
Date: Tue, 04 Sep 2001 16:23:21 +0200
Message-id: <[🔎] 200109041423.f84ENMN7031412@pcrz175.HRZ.Uni-Marburg.DE>
In-reply-to: cowboy's message of Mon, 03 Sep 2001 15:18:57 -0400. <[🔎] Pine.LNX.4.33.0109031513000.2691-100000@back40.badlands.org>

Hi,

> > I wonder whether a sendmail security patch (input validation
> > error, BUGTRAQ ID: 3163) will be available soon?
> 
> No:
> 	1) The version in unstable(sid) Beta19 isn't vulnerable
> 	2) The version in testing (held back by ia64) is vulnerable,
> 	   but *ONLY* if run suid root, which isn't the case unless
> 	   the administrator changes things.
> 	3) The version in slink, base potato isn't vulnerable

thank you very for pointing me to this information!

Wouldn't it make sense to make this information available in
a security advisory? Just to say: we are not affected?
All major distributions have issued patches yet. The
recent sendmail vulnerabilty has drawn much attention on it.
I think that it is reasonable in such a situation to
issue a security advisory that points to the relevant
information and gives us system administrators a good
feeling.

Cheers, Thomas

Reply to:

References:
- Re: Sendmail patches in work?
  - From: Richard A Nelson <cowboy@debian.org>

Prev by Date: Re: CODA + portmapper == insecure?
Next by Date: Re: FW: a filter for tcp socket
Previous by thread: Re: Sendmail patches in work?
Next by thread: a filter for tcp socket
Index(es):
- Date
- Thread