Information on source package sendmail

Available versions

ReleaseVersion
jessie8.14.4-8+deb8u2
stretch8.15.2-8+deb9u2
buster8.15.2-14~deb10u3
bullseye8.15.2-22+deb11u3
bookworm8.17.1.9-2+deb12u2
trixie8.18.1-6
sid8.18.1-6

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2023-51765vulnerablefixedfixedfixedfixedfixedfixedsendmail through 8.17.2 allows SMTP smuggling in certain configuration ...
CVE-2021-3618vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedALPACA is an application layer protocol content confusion attack, expl ...

Resolved issues

BugDescription
TEMP-0841257-B7CD60sendmail: Privilege escalation from group smmsp to root
CVE-2022-31256A Improper Link Resolution Before File Access ('Link Following') vulne ...
CVE-2014-3956The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has ...
CVE-2009-4565sendmail before 8.14.4 does not properly handle a '\0' character in a ...
CVE-2009-1490Heap-based buffer overflow in Sendmail before 8.13.2 allows remote att ...
CVE-2006-7176The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...
CVE-2006-7175The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...
CVE-2006-4434Use-after-free vulnerability in Sendmail before 8.13.8 allows remote a ...
CVE-2006-1173Sendmail before 8.13.7 allows remote attackers to cause a denial of se ...
CVE-2006-0058Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows ...
CVE-2004-0833Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-b ...
CVE-2003-0694The prescan function in Sendmail 8.12.9 allows remote attackers to exe ...
CVE-2003-0688The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdn ...
CVE-2003-0681A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, ...
CVE-2003-0308The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely ...
CVE-2003-0161The prescan() function in the address parser (parseaddr.c) in Sendmail ...
CVE-2002-2261Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relayi ...
CVE-2002-1827Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of ...
CVE-2002-1337Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to ...
CVE-2002-1165Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.1 ...
CVE-2002-0906Buffer overflow in Sendmail before 8.12.5, when configured to use a cu ...
CVE-1999-1592Multiple unspecified vulnerabilities in sendmail 5, as installed on Su ...
CVE-1999-1580SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding ho ...

Security announcements

DSA / DLADescription
ELA-1124-1sendmail - security update
DLA-3829-2sendmail - regression update
DLA-3829-1sendmail - security update
DSA-1985-1sendmail - insufficient input validation
DSA-1164sendmail - programming error
DSA-1155sendmail - programming error
DSA-1015-1sendmail - programming error
DSA-554-1sendmail - pre-set password
DSA-384sendmail - buffer overflows
DSA-305sendmail - insecure temporary files
DSA-278sendmail - char-to-int conversion
DSA-257sendmail - remote exploit

Search for package or bug name: Reporting problems