Subject: Re: New CERT advisory for sendmail pre 8.13.6
To: Adrian Portelli <>
From: Brian A. Seklecki <>
List: tech-security
Date: 03/29/2006 00:38:47
On Wed, 22 Mar 2006, Adrian Portelli wrote:

> Ed Ravin wrote:
>> I presume that by now most of the folks on this list have heard of
>> the CERT advisory on Sendmail.  According to the vulnerability notes:
>> NetBSD is listed as "unknown".  Can anyone provide better information?
>> Did the NetBSD project or security officer get an early notice?
> If you use sendmail from pkgsrc 8.13.5nb2 includes the patch for this
> issue from

The fix was commited 3 days ago, pulled into the 3-, 3.0, 2-, 2.0, 2.1 
branches, but I don't see a security advisory yet (FreeBSD released on, 
Net/Open did not):



From: 	Christos Zoulas <>
Subject: 	CVS commit: src/gnu/dist/sendmail
Date: 	Fri, 24 Mar 2006 16:09:01 +0000 (UTC)

Module Name:    src
Committed By:   christosate:           Fri Mar 24 16:09:01 UTC 2006

Modified Files:
         src/gnu/dist/sendmail/libsm: fflush.c local.h refill.c
         src/gnu/dist/sendmail/sendmail: collect.c conf.c deliver.c 
             mime.c parseaddr.c savemail.c sendmail.h sfsasl.c sfsasl.h
             srvrsmtp.c tls.c usersmtp.c util.c version.c

Log Message:
Apply patch 8.13.5.p0 from; Although we are running 8.13.4,
this applied with mimimal fixes.

To generate a diff of this commit:
cvs rdiff -r1.1.1.2 -r1.2 src/gnu/dist/sendmail/libsm/fflush.c
cvs rdiff -r1.1.1.4 -r1.2 src/gnu/dist/sendmail/libsm/local.h
cvs rdiff -r1.1.1.3 -r1.2 src/gnu/dist/sendmail/libsm/refill.c
cvs rdiff -r1.12 -r1.13 src/gnu/dist/sendmail/sendmail/collect.c \
     src/gnu/dist/sendmail/sendmail/sfsasl.c \
     src/gnu/dist/sendmail/sendmail/srvrsmtp.c \
     src/gnu/dist/sendmail/sendmail/usersmtp.c \
cvs rdiff -r1.20 -r1.21 src/gnu/dist/sendmail/sendmail/conf.c
cvs rdiff -r1.13 -r1.14 src/gnu/dist/sendmail/sendmail/deliver.c \
cvs rdiff -r1.7 -r1.8 src/gnu/dist/sendmail/sendmail/mime.c
cvs rdiff -r1.15 -r1.16 src/gnu/dist/sendmail/sendmail/parseaddr.c
cvs rdiff -r1.10 -r1.11 src/gnu/dist/sendmail/sendmail/savemail.c
cvs rdiff -r1.16 -r1.17 src/gnu/dist/sendmail/sendmail/sendmail.h \
cvs rdiff -r1.5 -r1.6 src/gnu/dist/sendmail/sendmail/sfsasl.h
cvs rdiff -r1.1.1.4 -r1.2 src/gnu/dist/sendmail/sendmail/tls.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

> adrian.


x.25 - minix - bitnet - plan9 - 110 bps - ASR 33 - base8