Description of problem: This may have gotten wiped out by the Bugzilla
hard drive crash; I didn't look close to see that it was filed only under 
Fedora Core development. My bad. Anyway...to the security flaw you've come to 
know and love:

Sendmail does not properly handle malformed multipart MIME messages. This
vulnerability may allow a remote, unauthenticated attacker to cause a
denial-of-service condition.

Version-Release number of selected component (if applicable):
8.13.7

Additional info:

"A flaw in the handling of multi-part MIME messages was discovered in
Sendmail.  A remote attacker could create a carefully crafted message that
could crash the sendmail process during delivery (CVE-2006-1173).  By
default on Red Hat Enterprise Linux, Sendmail is configured to only accept
connections from the local host. Therefore, only users who have configured
Sendmail to listen to remote hosts would be remotely vulnerable to this issue.
                                                                               
 
"Users of Sendmail are advised to upgrade to these erratum packages, which
contain a backported patch from the Sendmail team to correct this issue."

References:
   * http://www.kb.cert.org/vuls/id/146718
   * http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
   * Sendmail advisory "Sendmail-SA-200605-01":
     http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc




How reproducible:
Always

Steps to Reproduce:
1. See above.
2.
3.
  
Actual results:
Sendmail can be DOS'd.

Expected results:
Emails should get through and no DOS'd. Also, this version fixes
some other bugs of note, reference http://www.sendmail.org.