sendmail - pre-set password

Hugo Espuny discovered a problem in sendmail, a commonly used program
to deliver electronic mail. When installing “sasl-bin” to use sasl in
connection with sendmail, the sendmail configuration script use fixed
user/pass information to initialise the sasl database. Any spammer
with Debian systems knowledge could utilise such a sendmail
installation to relay spam.

For the stable distribution (woody) this problem has been fixed in
version 8.12.3-7.1.

For the unstable distribution (sid) this problem has been fixed in
version 8.13.1-13.

We recommend that you upgrade your sendmail package.