FreeBSD-SA-03:11.sendmail
Matthew Seaman
m.seaman at infracaninophile.co.uk
Tue Aug 26 11:37:50 PDT 2003
On Tue, Aug 26, 2003 at 12:39:13PM -0400, Adam Mazza wrote:
>
> Thanks for the response. I went ahead and am running P4 but my sendmail
> version didn't actually change, it's still 8.12.8p1 does the fix not
> upgrade to 8.12.9
The advisory has since come out on freebsd-announce at ...
FreeBSD-SA-03:11.sendmail is on the FTP site at
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:11.sendmail.asc
and the link on the website front page will appear Real Soon Now.
If you look at
http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/sendmail/src/?sortby=date&only_with_tag=RELENG_4_8#dirlist
you'll see that the fix requires a minimal patch to the file
sm_resolve.c:
===================================================================
RCS file: /usr/local/www/cvsroot/FreeBSD/src/contrib/sendmail/src/sm_resolve.c,v
retrieving revision 1.1.1.1.2.2
retrieving revision 1.1.1.1.2.2.4.1
diff -u -p -r1.1.1.1.2.2 -r1.1.1.1.2.2.4.1
--- src/contrib/sendmail/src/sm_resolve.c 2002/06/27 20:43:24 1.1.1.1.2.2
+++ src/contrib/sendmail/src/sm_resolve.c 2003/08/25 22:35:23 1.1.1.1.2.2.4.1
@@ -233,6 +233,7 @@ parse_dns_reply(data, len)
dns_free_data(r);
return NULL;
}
+ memset(*rr, 0, sizeof(**rr));
(*rr)->rr_domain = sm_strdup(host);
if ((*rr)->rr_domain == NULL)
{
This has been applied to all of the code branches mentioned in the
advisory, but only STABLE (RELENG_4) and CURRENT (HEAD) got the full
import of sendmail-8.12.9, which contains other, non-security related,
fixes as well.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20030826/ed6cce6f/attachment.bin
More information about the freebsd-questions
mailing list