a deficiency in the way ssmtp removed trailing '\n' sequence by processing lines beginning with a leading dot. A local user, could send a specially-crafted e-mail message via ssmtp send-only sendmail emulator, leading to ssmtp executable denial of service (exit with: ssmtp: standardise() -- Buffer overflow). Different vulnerability than CVE-2008-3962. http://cvs.fedoraproject.org/viewvc/rpms/ssmtp/devel/ssmtp-standardise.patch?view=log
* Fri Aug 27 2010 Denis Smirnov <mithraen@altlinux> 2.62.2-alt10 - ALT #23964