+8.6.11/8.6.11 95/03/08
+ The ``possible attack'' message would be logged more often
+ than necessary if you are using Pine as a user agent.
+ The wrong host would be reported in the ``possible attack''
+ message when attempted from IDENT.
+ In some cases the syslog buffer could be overflowed when
+ reporting the ``possible attack'' message. This can
+ cause denial of service attacks. Truncate the message
+ to 80 characters to prevent this problem.
+ When reading the IDENT response a loop is needed around the
+ read from the network to ensure that you don't get
+ partial lines.
+ Password entries without any shell listed (that is, a null
+ shell) wouldn't match as "ok". Problem noted by
+ Rob McMahon.
+ When running BIND 4.9.x a problem could occur because the
+ _res.options field is initialized differently than it
+ was historically -- this requires that sendmail call
+ res_init before it tweaks any bits.
+ Fix an incompatibility in openxscript() between the file open mode
+ and the stdio mode passed to fdopen. This caused UnixWare
+ 2.0 to have conniptions. Fix from Martin Sohnius of
+ Novell Labs Europe.
+ Fix problem with static linking of local getopt routine when
+ using GNU's ld command. Fix from John Kennedy of
+ Cal State Chico.
+ It was possible to turn off privacy flags. Problem noted by
+ *Hobbit*.
+ Be more paranoid about writing files. Suggestions by *Hobbit*
+ and Liudvikas Bukys.
+ MAKEMAP: fixes for 64 bit machines (DEC Alphas in particular)
+ from Spider Boardman.
+ CONFIG: No changes (version number only, to keep it in sync
+ with the binaries).
+
+8.6.10/8.6.10 95/02/10
+ SECURITY: Diagnose bogus values to some command line flags that
+ could allow trash to get into headers and qf files.
+ Validate the name of the user returned by the IDENT protocol.
+ Some systems that really dislike IDENT send intentionally
+ bogus information. Problem pointed out by Michael Bushnell
+ of the Free Software Foundation. Has some security
+ implications.
+ Fix a problem causing error messages about DNS problems when
+ the host name contained a percent sign to act oddly
+ because it was passed as a printf-style format string.
+ In some cases this could cause core dumps.
+ Avoid possible buffer overrun in returntosender() if error
+ message is quite ling. From Fletcher Mattox of the
+ University of Texas.
+ Fix a problem that would silently drop "too many hops" error
+ messages if and only if you were sending to an alias.
+ From Jon Giltner of the University of Colorado and
+ Dan Harton of Oak Ridge National Laboratory.
+ Fix a bug that caused core dumps on some systems if -d11.2 was
+ set and e->e_message was null. Fix from Bruce Nagel of
+ Data General.
+ Fix problem that can still cause df files to be left around
+ after "hop count exceeded" messages. Fix from Andrew
+ Chang and Shau-Ping Lo of SunSoft.
+ Fix a problem that can cause buffer overflows on very long
+ user names (as might occur if you piped to a program
+ with a lot of arguments).
+ Avoid returning an error and re-queueing if the host signature
+ is null; this can occur on addresses like ``user@.''.
+ Problem noted by Wesley Craig and the University of
+ Michigan.
+ Avoid possible calls to malloc(0) if MCI caching is turned
+ off. Bug fix from Pierre David of the Laboratoire
+ Parallelisme, Reseaux, Systemes et Modelisation (PRiSM),
+ Universite de Versailles - St Quentin, and Jacky
+ Thibault.
+ Make a local copy of the line being sent via senttolist() -- in
+ some cases, buffers could get trashed by map lookups
+ causing it to do unexpected things. This also simplifies
+ some of the map code.
+ CONFIG: No changes (version number only, to keep it in sync
+ with the binaries).
+