> Flame on:
> Please refrain from disclosing bug particulars on an email list.
There are lots of us out here with home-customized sendmails, who are
*really curious* whether we're running with the bug, and if so, what source
fixes to make. Are we all vulnerable out here or not? Even if the bug
isn't present in the stock 5.58, 5.65 or IDA sendmails, have we introduced
the bugs accidentally, ourselves, in our own changes? How can we test
Or are we all supposed to sit back ignorantly until a "suspicious" message
shows up in our mailboxes informing us that yes, we have now been broken
into and it's time to dig out the install tapes?
Your attitude will increase the chance that the majority of admins learn
about the problems long after the vandals, who may already be familiar with
it and have no problems whatsoever about sharing information between
A little knowledge may be a dangerous thing, but total ignorance is worse.
Tom Fitzgerald Wang Labs, Lowell MA, USA fitz @