Re: Sendmail patches in work?
Hi,
> > I wonder whether a sendmail security patch (input validation
> > error, BUGTRAQ ID: 3163) will be available soon?
>
> No:
> 1) The version in unstable(sid) Beta19 isn't vulnerable
> 2) The version in testing (held back by ia64) is vulnerable,
> but *ONLY* if run suid root, which isn't the case unless
> the administrator changes things.
> 3) The version in slink, base potato isn't vulnerable
thank you very for pointing me to this information!
Wouldn't it make sense to make this information available in
a security advisory? Just to say: we are not affected?
All major distributions have issued patches yet. The
recent sendmail vulnerabilty has drawn much attention on it.
I think that it is reasonable in such a situation to
issue a security advisory that points to the relevant
information and gives us system administrators a good
feeling.
Cheers, Thomas
Reply to: