SEC Consult added an update to their page [1]. They are basically hiding behind Cisco, CERT-Bund and CERT.at.
I mean, c'mon... They did all that research and they expect me to believe they didn't understand the potential impact so they deferred to someone else's judgement? That's the excuse, seriously?
Besides, what would have been the harm in reaching out to projects like Sendmail and Postfix and ask them for their opinion? I'm more inclined to trust the judgement of the Postfix project then of Cisco.
I mean, c'mon... They did all that research and they expect me to believe they didn't understand the potential impact so they deferred to someone else's judgement? That's the excuse, seriously?
Besides, what would have been the harm in reaching out to projects like Sendmail and Postfix and ask them for their opinion? I'm more inclined to trust the judgement of the Postfix project then of Cisco.
[1] https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-...