sendmail 8.14.4
Phil Oleson
oz at nixil.net
Sat Jan 16 00:13:45 UTC 2010
I'm seeing this in the release notes for the latest release of sendmail, plus a customers
PCI scan is reporting this as a problem. I know many of these scans tend to do version
string checks and don't actually check if the problem is possible to exploit, but I just
wanted your thoughts on if this is something the security team feels it needs to deal with
or not?
-Phil.
8.14.4/8.14.4 2009/12/30
SECURITY: Handle bogus certificates containing NUL characters
in CNs by placing a string indicating a bad certificate
in the {cn_subject} or {cn_issuer} macro. Patch inspired
by Matthias Andree's changes for fetchmail.
More information about the freebsd-security
mailing list