Bug#320357: [pkg-fetchmail-maint] Bug#320357: fetchmail:
CAN-2005-2335 unfixed in stable and possibly oldstable
Lucas Wall
lwall at debian.org
Fri Jul 29 20:22:17 UTC 2005
Helge Kreutzmann wrote, On 29/07/05 13:30:
> Hello Lucas,
> On Thu, Jul 28, 2005 at 04:13:50PM -0300, Lucas Wall wrote:
>
>>Helge Kreutzmann wrote, On 28/07/05 15:43:
>>
>>>Package: fetchmail
>>>Version: N/A; reported 2005-07-28
>>>Severity: grave
>>>Tags: security
>>>Justification: user security hole
>>>
>>>Hello,
>>>I see that you close CAN-2005-2335 in 6.2.5-16 in unstable, but I
>>>could not find a bug report for tracking sarge and woody. Please close
>>>this bug when both are dealt with.
>>
>>Isn't the new package version feature in the BTS useful for these kind
>>of things?
>
>
> Well, I don't think so. I read in your changelog:
> - new upstream patch because of security issue CAN-2005-2335
>
> There is no mention of a bug in the BTS here (no closes#). The machine
> I reported from is a woody without fetchmail. But I think you can add
> the proper version in retrorespect as well?
I was takling about this:
http://lists.debian.org/debian-devel-announce/2005/07/msg00010.html
And the original changelog entry is in version 6.2.5-15
- fixed buffer overrun in pop3 UIDs handling CAN-2005-2335
http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
(closes: #212762)
Upstream made a second (better) patch and we applied it on version
6.2.5-16 (the changelog entry you quoted).
K.
--
Lucas Wall <kthulhu at kadath.com.ar> .''`.
Buenos Aires, Argentina : :ø : Debian GNU/Linux
http://www.kadath.com.ar `. `' http://www.debian.org
PGP: 1024D/84FB46D6 `-
5D25 528A 83AB 489B 356A http://people.debian.org/~lwall
4087 BC9B 4733 84FB 46D6 mailto:lwall at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-fetchmail-maint/attachments/20050729/06ace3d6/signature.pgp
More information about the pkg-fetchmail-maint
mailing list