> I don't think it's fair to portray CVE-2002-2034 ... as
> unfixed procmail vulnerabilities. These seem to be
> security issues (lack of shell escaping) in an
> Email Sanitizer project ...
No, it _isn't_ fair to portray CVE-2002-2034 as an unfixed procmail vulnerability, as it is neither unfixed (note the CVE entry says "_before_ 1.133") nor a vulnerability in procmail.
If you follow the links and look at the dates of the vulnerability reports and of the fix in the Sanitizer change log, you'll see that the vulnerability reports were generated from someone seeing in my change log that I had fixed a potential problem.