Bug 556574 - update to 8.14.4
Summary: update to 8.14.4
Keywords:
Status: CLOSED DUPLICATE of bug 552078
Alias: None
Product: Fedora
Classification: Fedora
Component: sendmail
Version: rawhide
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Jaroslav Škarvada
QA Contact: Fedora Extras Quality Assurance
URL: http://www.sendmail.org/releases/8.14.4
Whiteboard:
Depends On:
Blocks: CVE-2009-4565
TreeView+ depends on / blocked
 
Reported: 2010-01-18 18:18 UTC by acount closed by user
Modified: 2010-02-02 13:23 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2010-02-02 13:23:57 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description acount closed by user 2010-01-18 18:18:38 UTC 
This version fixes some problems:

    * some certificate authorities do not properly check the requests they are signing and hence allow spoofing via an embedded NUL in the CN entry. Some checks have been added to deal with "bogus" CNs (see below and doc/op/op.*).
    * a workaround for a Linux resolver problem has been added to avoid core dumps.
    * the value of headers, e.g., Precedence, Content-Type, et.al., was not extracted correctly thus preventing them from being recognized properly; leading spaces were not stripped (which was an unintended side effect of an earlier change) and hence comparing them with expected values (e.g., "first-class" for Precedence) did not work.
    * between 8.11.7 and 8.12.0 the length limitation on a return path was erroneously reduced.


full list of changes: http://www.sendmail.org/releases/8.14.4#RS

-thanks-
Comment 1 Josh Bressers 2010-01-22 03:07:31 UTC 
Ping

While this flaw isn't of overly high severity, we should probably fix it in
Fedora. I'm adding the Security keyword.

Thanks.
Comment 2 Jaroslav Škarvada 2010-02-02 13:23:57 UTC 
Dupe of #552078, keywords and blocks transferred to original bug.

*** This bug has been marked as a duplicate of bug 552078 ***
Note You need to log in before you can comment on or make changes to this bug.