Version 8.18.0.2 fixes the new SMTP smuggling attack: https://www.openwall.com/lists/oss-security/2023/12/21/6 https://www.openwall.com/lists/oss-security/2023/12/26/5
Whiteboard: (none) => MGA9TOOSource RPM: (none) => sendmail-8.17.2-1.mga10.src.rpmCVE: (none) => CVE-2023-51765
Christiaan put up the current version, and looks to be the main sendmail maintainer; assigning to you.
Status comment: (none) => Fixed in Version 8.18.0.2Assignee: bugsquad => cjw
also applies to Postfix: http://www.postfix.org/smtp-smuggling.html https://nvd.nist.gov/vuln/detail/CVE-2023-51764 and exim: https://nvd.nist.gov/vuln/detail/CVE-2023-51766
CC: (none) => pfortin
(In reply to Pierre Fortin from comment #2) > also applies to Postfix: http://www.postfix.org/smtp-smuggling.html > https://nvd.nist.gov/vuln/detail/CVE-2023-51764 That issue was already fixed in bug 32647. > and exim: https://nvd.nist.gov/vuln/detail/CVE-2023-51766 exim is not provided by Mageia. Best regards,
Whiteboard: MGA9TOO => (none)Source RPM: sendmail-8.17.2-1.mga10.src.rpm => sendmail-8.17.1-4.mga9.src.rpmVersion: Cauldron => 9