Also, I've received >30 emails about the sendmail hole since it was publicly released. Including one from OIT which was sent to everyone on UMD's network with port 25 open, with instructions on how to disable sendmail if you don't actually want it, or how to get the patch if you do. Every sysadmin should do this.
Anyway, here's a quick way to check if your sendmail binary is patched:
strings sendmail | grep 'Dropped invalid comments from header address'
That string is only in the fixed version, so if it's not there, you need to patch.
And hopefully this will be my last post about sendmail :)