From: TurboLinux Security Team <security@www1.turbolinux.com> Subject: [TL-Security-Announce] Retraction of Impact Statement in Sendmail Security Advisory: TLSA2001003-1 Date: 11 May 2001 19:01:52 -0700 We would like to make a correction in regard to a statement made in the security advisory that was posted on February 22 for the package "sendmail-8.11.2-5". In the advisory, it is stated that "A user can gain root access privileges." This is NOT the case. The -bt index bug is NOT exploitable, and therefore, has no security impact. Special thanks to Kris Kenneway for pointing this out. For more information on this issue, please review the following URL: http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Ftid%3D138299%26threads%3D1%26end%3D2000-10-14%26list%3D1%26start%3D2000-10-08%26 The package sendmail-8.11.2-5 will remain available on our ftp site as it does contain the fixes to prevent the -bt index bug. Turbolinux is committed to developing quality products with a strong emphasis on security. Thank you.