Currently, RH is building procmail 3.14 (even in the latest Rawhide). This
really needs to be updated to procmail 3.15.1. 3.15.1 fixes a bug I'm
seeing where messages occasionally get bounced due to a race condition. In
addition, the changelogs claim that 3.15.0 fixes attempts to exploit a
Linux kernel bug (I don't know the details of that, or if it's a problem,
That's not a problem, as the kernel has been fixed a long time ago. I don't want
to upgrade at this late stage. I'll upgrade later.
Like I said, I'm not so much concerned with the alleged security problem. I am,
however, actually seeing the race-and-bounce fixed by 3.15.1. I've already had
to upgrade two 7.0 boxes to 3.15.1 because of that and if you ship 7.1 with a
known buggy procmail I'm going to have to do the same for all the 7.1 boxes I
There are _no_ open bugs against it.
And if we put in a new version, it wouldn't get that much testing - the chances
of shipping something buggy would be higher. So I have a pretty high threshold
of convincing right now... (and I and most others here use this every day