From the advisory:

Attackers may remotely exploit this vulnerability to gain "root" or superuser control of any vulnerable Sendmail server.

Affected Versions: Sendmail versions from 5.79 to 8.12.7 are vulnerable

Note: The affected versions of Sendmail commercial, Sendmail open source running on all platforms are known to be vulnerable.

Description: The Sendmail remote vulnerability occurs when processing and evaluating header fields in email collected during an SMTP transaction. Specifically, when fields are encountered that contain addresses or lists of addresses (such as the "From" field, "To" field and "CC" field), Sendmail attempts to semantically evaluate whether the supplied address (or list of addresses) are valid. This is accomplished using the crackaddr() function, which is located in the headers.c file in the Sendmail source tree.

Fix: upgrade to 8.12.8

There is already a bug (#16755) with an ebuild for 8.12.8

Reproducible: Always
Steps to Reproduce:
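An added example, not part of the original report or the advisory: a small triage helper that reads SMTP greeting banners and classifies them against the affected range quoted above (5.79 through 8.12.7, fixed in 8.12.8). The banner lines, host names and function names are constructed for illustration, and the banner layout `Sendmail <binary version>/<config version>` is assumed.

```python
import re

# Range as stated in the advisory quoted above.
FIRST_AFFECTED = (5, 79)
LAST_AFFECTED = (8, 12, 7)   # 8.12.8 carries the fix

# First dotted number after the word "Sendmail" is taken as the binary version;
# in "8.12.7/8.12.7" the part after the slash is the config file version.
_BANNER_RE = re.compile(r"\bSendmail\s+(\d+(?:\.\d+)+)", re.IGNORECASE)


def parse_version(banner):
    """Return the Sendmail version in a banner as a tuple of ints, or None."""
    match = _BANNER_RE.search(banner)
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def classify(banner):
    """Classify one banner line against the advisory's affected range."""
    version = parse_version(banner)
    if version is None:
        return "unknown"            # not Sendmail, or the banner hides the version
    if version < FIRST_AFFECTED:
        return "older-than-range"   # predates 5.79; outside the stated range
    if version <= LAST_AFFECTED:
        return "affected"
    return "not-affected"


# Constructed sample banners (not captured from real hosts).
SAMPLE_BANNERS = [
    "220 mx1.example.org ESMTP Sendmail 8.12.7/8.12.7; Tue, 4 Mar 2003 10:00:00 GMT",
    "220 mx2.example.org ESMTP Sendmail 8.12.8/8.12.8; Tue, 4 Mar 2003 10:00:01 GMT",
    "220 mx3.example.org ESMTP Sendmail 8.9.3/8.9.3; Tue, 4 Mar 2003 10:00:02 GMT",
    "220 old.example.org Sendmail 5.79 ready",
    "220 mx4.example.org ESMTP Postfix",
]

if __name__ == "__main__":
    for line in SAMPLE_BANNERS:
        print(f"{classify(line):17} {line}")
```

A banner reflects only what the server chooses to announce: administrators can change the greeting and vendor packages may carry backported fixes under an old version number, so an "affected" result is a prompt to check the installed package, not a verdict.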
Fixed in CVS. GLSA still needs to be sent out.
GLSA sent.
*** Bug 16836 has been marked as a duplicate of this bug. ***