Bug 556574
| Summary: | update to 8.14.4 | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | acount closed by user <a1459440> |
| Component: | sendmail | Assignee: | Jaroslav Škarvada <jskarvad> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | rawhide | CC: | bressers, jskarvad, mlichvar |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.sendmail.org/releases/8.14.4 | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2010-02-02 13:23:57 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 552622 | ||
Ping While this flaw isn't of overly high severity, we should probably fix it in Fedora. I'm adding the Security keyword. Thanks. Dupe of #552078, keywords and blocks transferred to original bug. *** This bug has been marked as a duplicate of bug 552078 *** |
This version fixes some problems: * some certificate authorities do not properly check the requests they are signing and hence allow spoofing via an embedded NUL in the CN entry. Some checks have been added to deal with "bogus" CNs (see below and doc/op/op.*). * a workaround for a Linux resolver problem has been added to avoid core dumps. * the value of headers, e.g., Precedence, Content-Type, et.al., was not extracted correctly thus preventing them from being recognized properly; leading spaces were not stripped (which was an unintended side effect of an earlier change) and hence comparing them with expected values (e.g., "first-class" for Precedence) did not work. * between 8.11.7 and 8.12.0 the length limitation on a return path was erroneously reduced. full list of changes: http://www.sendmail.org/releases/8.14.4#RS -thanks-