Andrew Brown <atatat@netbsd.org> wrote on Mon,  3 Mar 2003
at 23:20:51 +0200 in <20030303212051.9A6B5B004@cvs.netbsd.org>:

> Log Message:
> Apply patch from sendmail.org to handle a new header overflow bug
> (note: not currently believed to be exploitable).

This is inaccurate.

Poor wording in sendmail.org's announcement resulted in some confusion.

This is indeed believed to be critically exploitable.

Please revise the log message.

--jhawk