tech-security: Re: 2 Postfix vulnerabilities -- Postfix 2.0.6 backport for

Subject: Re: 2 Postfix vulnerabilities -- Postfix 2.0.6 backport for
To: Perry E. Metzger <perry@piermont.com>
From: Brian A. Seklecki <lavalamp@spiritual-machines.org>
List: tech-security
Date: 08/05/2003 16:28:07

On Mon, 2003-08-04 at 22:38, Perry E. Metzger wrote:
> 
> "Brian A. Seklecki" <lavalamp@spiritual-machines.org> writes:
> > This might call for a backport of the 2.0.6 upgrades from -current into
> > the -rnetbsd-1-6 branch:
> > 
> > http://cvsweb.netbsd.org/bsdweb.cgi/src/gnu/usr.sbin/postfix/Makefile
> > 
> > http://www.securityfocus.com/archive/1/331713/2003-08-01/2003-08-07/0
> > 
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0540
> > 
> > However I havn't seen a proof-of-concept documented.  I'm going to test
> > it now.
> 
> There is no point in that.

Okay.  The PR is: security/22372 (for good measure)

-lava