Subject: Re: New CERT advisory for sendmail pre 8.13.6
To: Adrian Portelli <adrianp@NetBSD.org>
From: Brian A. Seklecki <lavalamp@spiritual-machines.org>
List: tech-security
Date: 03/29/2006 00:38:47
On Wed, 22 Mar 2006, Adrian Portelli wrote:
> Ed Ravin wrote:
>> I presume that by now most of the folks on this list have heard of
>> the CERT advisory on Sendmail. According to the vulnerability notes:
>>
>> http://www.kb.cert.org/vuls/id/834865
>>
>> NetBSD is listed as "unknown". Can anyone provide better information?
>> Did the NetBSD project or security officer get an early notice?
>>
>
> If you use sendmail from pkgsrc, 8.13.5nb2 includes the patch for this
> issue from sendmail.org.
The fix was committed 3 days ago, pulled into the 3-, 3.0, 2-, 2.0, 2.1
branches, but I don't see a security advisory yet (FreeBSD released one,
Net/Open did not):
~BAS
===
From: Christos Zoulas <christos@netbsd.org>
Reply-To: christos@netbsd.org
To: source-changes@NetBSD.org
Subject: CVS commit: src/gnu/dist/sendmail
Date: Fri, 24 Mar 2006 16:09:01 +0000 (UTC)
Module Name: src
Committed By: christos
Date: Fri Mar 24 16:09:01 UTC 2006
Modified Files:
src/gnu/dist/sendmail/libsm: fflush.c local.h refill.c
src/gnu/dist/sendmail/sendmail: collect.c conf.c deliver.c headers.c
mime.c parseaddr.c savemail.c sendmail.h sfsasl.c sfsasl.h
srvrsmtp.c tls.c usersmtp.c util.c version.c
Log Message:
Apply patch 8.13.5.p0 from sendmail.org; Although we are running 8.13.4,
this applied with minimal fixes.
To generate a diff of this commit:
cvs rdiff -r1.1.1.2 -r1.2 src/gnu/dist/sendmail/libsm/fflush.c
cvs rdiff -r1.1.1.4 -r1.2 src/gnu/dist/sendmail/libsm/local.h
cvs rdiff -r1.1.1.3 -r1.2 src/gnu/dist/sendmail/libsm/refill.c
cvs rdiff -r1.12 -r1.13 src/gnu/dist/sendmail/sendmail/collect.c \
src/gnu/dist/sendmail/sendmail/sfsasl.c \
src/gnu/dist/sendmail/sendmail/srvrsmtp.c \
src/gnu/dist/sendmail/sendmail/usersmtp.c \
src/gnu/dist/sendmail/sendmail/util.c
cvs rdiff -r1.20 -r1.21 src/gnu/dist/sendmail/sendmail/conf.c
cvs rdiff -r1.13 -r1.14 src/gnu/dist/sendmail/sendmail/deliver.c \
src/gnu/dist/sendmail/sendmail/headers.c
cvs rdiff -r1.7 -r1.8 src/gnu/dist/sendmail/sendmail/mime.c
cvs rdiff -r1.15 -r1.16 src/gnu/dist/sendmail/sendmail/parseaddr.c
cvs rdiff -r1.10 -r1.11 src/gnu/dist/sendmail/sendmail/savemail.c
cvs rdiff -r1.16 -r1.17 src/gnu/dist/sendmail/sendmail/sendmail.h \
src/gnu/dist/sendmail/sendmail/version.c
cvs rdiff -r1.5 -r1.6 src/gnu/dist/sendmail/sendmail/sfsasl.h
cvs rdiff -r1.1.1.4 -r1.2 src/gnu/dist/sendmail/sendmail/tls.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
>
> adrian.
>
l8*
-lava
x.25 - minix - bitnet - plan9 - 110 bps - ASR 33 - base8