diff --git a/share/security/advisories/FreeBSD-EN-15:08.sendmail.asc b/share/security/advisories/FreeBSD-EN-15:08.sendmail.asc
new file mode 100644
index 0000000000..1c4dfcbf63
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-15:08.sendmail.asc
@@ -0,0 +1,157 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-15:08.sendmail Errata Notice
+ The FreeBSD Project
+
+Topic: sendmail TLS/DH Interoperability Improvement
+
+Category: contrib
+Module: sendmail
+Announced: 2015-06-18
+Credits: Frank Seltzer, Gregory Shapiro
+Affects: All supported versions of FreeBSD.
+Corrected: 2015-06-17 02:39:10 UTC (stable/10, 10.1-STABLE)
+ 2015-06-18 05:36:45 UTC (releng/10.1, 10.1-RELEASE-p13)
+ 2015-06-17 03:11:25 UTC (stable/9, 9.3-STABLE)
+ 2015-06-18 05:36:45 UTC (releng/9.3, 9.3-RELEASE-p17)
+ 2015-06-17 03:22:18 UTC (stable/8, 8.4-STABLE)
+ 2015-06-18 05:36:45 UTC (releng/8.4, 8.4-RELEASE-p31)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+sendmail supports STARTTLS encrypted connections using DHE_EXPORT
+ciphers. As part of that support, by default, sendmail employs 1024-bit
+DH parameters for server connections and 512-bit DH parameters for
+client connections.
+
+II. Problem Description
+
+In response to CVE-2015-4000 ("Logjam TLS vulnerability"), OpenSSL and
+other encryption packages have begun rejecting 512-bit and lower DH
+parameters during negotiation, thereby reducing interoperability.
+
+III. Impact
+
+In its default configuration, client connections from sendmail to other
+SMTP servers will not be able to negotiate a STARTTLS encrypted session
+with SMTP servers which reject 512-bit DH parameters. This may cause
+mail deliverability issues for outbound mail.
+
+IV. Workaround
+
+To work around this interoperability, sendmail can be configured to use
+a 1024 or 2048 bit DH parameter using these steps:
+
+ 1. Edit /etc/mail/`hostname`.mc
+ 2. If a setting for confDH_PARAMETERS does not exist or
+ exists and is set to a string beginning with '5',
+ replace it with '1' for 1024-bit or '2' for 2048-bit.
+ 3. If a setting for confDH_PARAMETERS exists and is set to
+ a file path, create a new file with:
+ openssl dhparam -out /path/to/file 2048
+ for 2048-bit or:
+ openssl dhparam -out /path/to/file 1024
+ for 1024-bit.
+ 4. If you have modified your MSP submission configuration
+ file to enable STARTTLS (not enabled by default), repeat
+ the above steps for /etc/mail/`hostname`.submit.mc.
+ 5. Rebuild the .cf file(s):
+ cd /etc/mail/; make; make install
+ 6. Restart sendmail:
+ cd /etc/mail/; make restart
+
+Systems that do not use sendmail are not affected.
+
+V. Solution
+
+A change to the raise the default for sendmail client connections to
+1024-bit DH parameters has been committed.
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your present system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your present system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-15:08/sendmail.patch
+# fetch https://security.FreeBSD.org/patches/EN-15:08/sendmail.patch.asc
+# gpg --verify sendmail.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+Restart the sendmail daemon(s), or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/8/ r284491
+releng/8.4/ r284536
+stable/9/ r284488
+releng/9.3/ r284536
+stable/10/ r284485
+releng/10.1/ r284536
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+The latest revision of this Errata Notice is available at
+https://security.FreeBSD.org/advisories/FreeBSD-EN-15:08.sendmail.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.5 (FreeBSD)
+
+iQIcBAEBCgAGBQJVgllYAAoJEO1n7NZdz2rnsY0QAIKcqNxRed97fvmxvL9kX1In
+CpdKO0Cso8EhCDOKJzmSYR49QZc6CNtPflbgbK2wktiHptmK87R+xODyIWBR1q8T
+peMoevr942gCUZzrA259cLaWJGC7MZer5G9SIsB7cnMJox/QcHmQysDONfu1PRjf
+T8T3/q24230PnBBJpR1SNDMOPAc1YLMetEZ3ue72ToG9pd6gAXN8I9N1ZUPY/6dd
+9/urhdQnxlX5RB3JnqujueJvCrcstInZ8grtKOmTfPSUcWGL++dwu6YH34ORwKDh
+wiI8U+qyg1Lq5vGx6srDOkGAhiSbYi177PV1RCNTxY28yGVvhiiSnLSsIesZBcoB
+pVYcefBJeqcXNuQC5jsGKHEbti9X3bhHnThOaOBOvrooEGcc7/DuP02BZiNOWDvV
+3axT+iFzJdZ1sZktdUQl65zqVBSDASTFz5uG/nTUFASj0W4+vVEghy6FAxlf3aBO
+eV9tqxeUozt0nSb/44n2u2GHRplWWS1KEE3N+skN5IT4RfZaNvTVtZ0s1fRv6Jum
+YNut6TGiVIyTACP0JjS2TkGC3kdPrqweZSQ6xnfrgOSCS+3w2nR1aqaGJ3aCIm/b
+9ixFFIW03LhBH2fl4Y68+CbAlIgGd0zigbRds1IGxRSUxR8AKBngqC+KQUFCOSnY
+snl4x6f2t36abWYgneaP
+=mvxv
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-15:08/sendmail.patch b/share/security/patches/EN-15:08/sendmail.patch
new file mode 100644
index 0000000000..06e854ba76
--- /dev/null
+++ b/share/security/patches/EN-15:08/sendmail.patch
@@ -0,0 +1,24 @@
+Index: contrib/sendmail/src/tls.c
+===================================================================
+--- contrib/sendmail/src/tls.c
++++ contrib/sendmail/src/tls.c
+@@ -650,7 +650,7 @@
+ ** 1024 generate 1024 bit parameters
+ ** 2048 generate 2048 bit parameters
+ ** /file/name read parameters from /file/name
+- ** default is: 1024 for server, 512 for client (OK? XXX)
++ ** default is: 1024
+ */
+
+ if (bitset(TLS_I_TRY_DH, req))
+@@ -676,8 +676,8 @@
+ }
+ if (dhparam == NULL)
+ {
+- dhparam = srv ? "1" : "5";
+- req |= (srv ? TLS_I_DH1024 : TLS_I_DH512);
++ dhparam = "1";
++ req |= TLS_I_DH1024;
+ }
+ else if (*dhparam == '/')
+ {
diff --git a/share/security/patches/EN-15:08/sendmail.patch.asc b/share/security/patches/EN-15:08/sendmail.patch.asc
new file mode 100644
index 0000000000..4ec08c6b60
--- /dev/null
+++ b/share/security/patches/EN-15:08/sendmail.patch.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.5 (FreeBSD)
+
+iQIcBAABCgAGBQJVglliAAoJEO1n7NZdz2rnAyoQAOEh0lpi5EEM5AkIOapisUzc
+Rzd74KDnoPSe7o4WED5neaVpiaf5Z+erWUtXAZ2hcuDQqJi0YRSHJB9YrQxaSI0D
+6IopQpsJqslC41Z4WKp13sGzfbANTYvmeKvrxOsz4q+YrzZpHKZYWwozjY0ZXQEK
+QjnTNM+CBTZtvp4n+Avs9pPUfOXBqk/d7KDADnOOlai3NANBG3eZnfRSGNcyONBB
+ogV8JPqDoubdwk/poNqXsu3aeWOzAAGnvtwhm7a03pxp+1iThmiGw/WRNQaADJq/
+ZDMQhtlCSpyApunesf8qw5LW1KhNU4w2hepVruakUNjHpthTmSLy5NcU8Vw1nZiw
+JB6XOT0TGoUhu7zR1uGsKRe1WlBKwSbHk5GNgU2ND4GM1RpViZ3O3dwjAXUXWlFg
+WX2LaUt/VO6YM0+Q+PlpKaHHk5c5/vzKNb0SXhPbUzLuBhdo3OID+g5s0QVjE3+E
+p34YLwqsL0+oGH7m1+ki62x9oA7PXHn4Y9ye+MSqcK40eTB16Jwx+7pFdIt7zdn8
+20i1KaBK+zEkYaMpuhKECRBUFtb3sFMnvGj7li3LaRmcubB57J8Brs4mbrZb6spo
+vkoBr2ntBPXhOeqzIa1eUgS+5DXsayjm7vn055AznzNqMe7wyA9MTEjZvMYcLAF6
+tQxxZbHkTZ7xsFDp5gaU
+=7zXU
+-----END PGP SIGNATURE-----
diff --git a/share/xml/notices.xml b/share/xml/notices.xml
index ff3fffbd8b..88ca7062f7 100644
--- a/share/xml/notices.xml
+++ b/share/xml/notices.xml
@@ -10,6 +10,14 @@
6
+
+ 18
+
+
+ FreeBSD-EN-15:08.sendmail
+
+
+
9