Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 21 Sep 2003 15:05:34 +1200 (NZST)
From:      Andrew McNaughton <andrew@scoop.co.nz>
To:        "Andrej (Andy) Brodnik" <Andrej.Brodnik@IMFM.Uni-Lj.SI>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Sendmail vulnerability
Message-ID:  <20030921145659.B56005@a2.scoop.co.nz>
In-Reply-To: <20030920072008.GK7655@Svarun.Gotska.IJP.SI>
References:  <20030917162118.GB4838@madman.celabo.org> <20030918161314.J29876@a2.scoop.co.nz> <20030920072008.GK7655@Svarun.Gotska.IJP.SI>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sat, 20 Sep 2003, Andrej (Andy) Brodnik wrote:

> Date: Sat, 20 Sep 2003 09:20:08 +0200
> From: "Andrej (Andy) Brodnik" <Andrej.Brodnik@IMFM.Uni-Lj.SI>
> To: Andrew McNaughton <andrew@scoop.co.nz>
> Cc: freebsd-security@freebsd.org
> Subject: Re: Sendmail vulnerability
>
> On Thu, Sep 18, 2003 at 04:17:07PM +1200, Andrew McNaughton wrote:
> >
> > I've been using  sendmail from ports for some  time. I just upgraded
> > to sendmail 8.12.10 by changing  the version number in the makefile,
> > then doing `make makesum build deinstall reinstall`.
> >
> > Everything  built cleanly, started  up ok,  accepted a  delivery and
> > generally looks oK so far an outgoiand looks ok so far.
>
> And this is OK? I mean does this remove the security problem?

I haven't tested vulnerability directly, but 8.12.10 was brought out after
the exploit was reported in order to address the security issue.

Since my message to the list, the sendmail port has been updated in the
FreeBSD CVS repository in precisely the same way I did it.  The CVS update
has the message:

     Security update to 8.12.10 Approved by: marcus (portmgr)

You could always check the new sendmail sources yourself.

--

No added Sugar.  Not tested on animals.  May contain traces of Nuts.  If
irritation occurs, discontinue use.

-------------------------------------------------------------------
Andrew McNaughton           Currently in Boomer Bay, Tasmania
andrew@scoop.co.nz
Mobile: +61 422 753 792     http://staff.scoop.co.nz/andrew/cv.doc

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030921145659.B56005>