From: misi3k
Date: Sat, 29 Mar 2003 19:44:14 +0000 (+0000)
Subject: - security update to 8.12.9
X-Git-Tag: sendmail-8_12_11-7_1~7
X-Git-Url: http://git.pld-linux.org/?p=packages%2Fsendmail.git;a=commitdiff_plain;h=ff579693f2e3546c4de6c6bb08599c48b3a3d669

- security update to 8.12.9

BUGS (bugtraq):
SECURITY: Fix a buffer overflow in address parsing due to a char to int conversion problem which is potentially remotely exploitable. Problem found by Michal Zalewski.
Note: an MTA that is not patched might be vulnerable to data that it receives from untrusted sources, which includes DNS.
To provide partial protection to internal, unpatched sendmail MTAs, 8.12.9 changes by default (char)0xff to (char)0x7f in headers etc. To turn off this conversion compile with -DALLOW_255 or use the command line option -d82.101.
To provide partial protection for internal, unpatched MTAs that may be performing 7->8 or 8->7 bit MIME conversions, the default for MaxMimeHeaderLength has been changed to 2048/1024.
Note: this does have a performance impact, and it only protects against frontal attacks from the outside.
To disable the checks and return to pre-8.12.9 defaults,

Changed files:
    sendmail.spec -> 1.121
---
diff --git a/sendmail.spec b/sendmail.spec index e472eb5..bdd5fbc 100644 --- a/sendmail.spec +++ b/sendmail.spec @@ -16,7 +16,7 @@ Summary(ru): Summary(tr): Elektronik posta hizmetleri sunucusu Summary(uk): ðÏÛÔÏ×ÉÊ ÔÒÁÎÓÐÏÒÔÎÉÊ ÁÇÅÎÔ sendmail Name: sendmail -Version: 8.12.8 +Version: 8.12.9 Release: 1 License: BSD Group: Networking/Daemons
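Review bot: The Version line moves to 8.12.9 with nothing else visible in this hunk that pins or verifies the new source tarball, so for a security update it is worth confirming that the 8.12.9 sources were checked against the upstream checksum or signature before the package is built. The commit message also stops mid-sentence at "To disable the checks and return to pre-8.12.9 defaults,", so the instruction for restoring the old behaviour is missing; completing it from the upstream release notes would help admins who run into the performance impact of the new MaxMimeHeaderLength default that the message mentions. Leaving Release at 1 is consistent with a new Version.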