> > I diffed 8.6.10 against what I was previously running (8.6.8). > Significant changes from bugtraq's point of view are mostly being more > paranoid about believing strings coming from possibly-untrustworthy > sources. Here's the list: Well, perhaps the list would have been more cleaner had you diffed against 8.6.9 or get sendmail.8.6.10.patch from ftp.cs.berkeley.edu - it's 25K size. Does anyone know if IDA sendmail is vulnerable? CERT advisory doesn't mention it - is it because IDA considered obsoleted or because it is clean? -- Igor V. Semenyuk Internet: iga@sovam.com SOVAM Teleport Phone: +7 095 956 3008 Moscow, Russia