From jez@netcraft.co.uk  Thu Sep 19 04:08:53 1996
Received: from ns0.netcraft.co.uk (ns0.netcraft.co.uk [194.72.238.4])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id EAA24144
          for <FreeBSD-gnats-submit@freebsd.org>; Thu, 19 Sep 1996 04:08:46 -0700 (PDT)
Received: (from jez@localhost) by ns0.netcraft.co.uk (8.7.5/8.6.9) id MAA14616; Thu, 19 Sep 1996 12:03:53 +0100 (BST)
Message-Id: <199609191103.MAA14616@ns0.netcraft.co.uk>
Date: Thu, 19 Sep 1996 12:03:53 +0100 (BST)
From: jez@netcraft.co.uk (Jeremy Prior)
Reply-To: jez@netcraft.co.uk (Jeremy Prior)
To: FreeBSD-gnats-submit@freebsd.org
Subject: sendmail-8.7.6 security fix
X-Send-Pr-Version: 3.2

>Number:         1647
>Category:       bin
>Synopsis:       sendmail 8.7.6 fixes vulnerabilities in CERT CA-96.20
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 19 04:10:02 PDT 1996
>Closed-Date:    Thu Sep 19 04:26:55 PDT 1996
>Last-Modified:  Thu Sep 19 04:27:32 PDT 1996
>Originator:     Jeremy Prior
>Release:        FreeBSD 2.1-STABLE i386
>Organization:
Netcraft Ltd
>Environment:

	Both -stable and -current are running sendmail 8.7.5

>Description:

	CERT have just released an advisory (CA-96.20) detailing two
	vulnerabilities in *all* versions of sendmail up to and including
	sendmail 8.7.5 - the version used by both FreeBSD-stable and
	FreeBSD-current.

>How-To-Repeat:

	See ftp://info.cert.org/pub/cert_advisories/CA-96.20.sendmail_vul

>Fix:
	
	I've uploaded a (hopefully) minimal set of diffs to take our
	sendmail from 8.7.5 -> 8.7.6.  The file is:

	ftp://freefall.FreeBSD.org/incoming/sendmail-8.7.5-8.7.6-diffs.gz

	It cleanly installs and compiles on my -stable sources (SUP'd 19th
	Sept 96), but *I've not been able to test it yet*.  Caveat Emptor!

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: gpalmer 
State-Changed-When: Thu Sep 19 04:26:55 PDT 1996 
State-Changed-Why:  
Peter Wemm already imported 8.7.6 into both -current and -stable. 

>Unformatted:
