Bug#320357: [pkg-fetchmail-maint] Bug#320357: fetchmail:
CAN-2005-2335 unfixed in stable and possibly oldstable
Helge Kreutzmann
kreutzm at itp.uni-hannover.de
Sat Jul 30 06:47:11 UTC 2005
Hello Lucas,
On Fri, Jul 29, 2005 at 05:22:17PM -0300, Lucas Wall wrote:
> Helge Kreutzmann wrote, On 29/07/05 13:30:
> > Well, I don't think so. I read in your changelog:
> > - new upstream patch because of security issue CAN-2005-2335
> >
> > There is no mention of a bug in the BTS here (no closes#). The machine
> > I reported from is a woody without fetchmail. But I think you can add
> > the proper version in retrorespect as well?
>
> I was takling about this:
>
> http://lists.debian.org/debian-devel-announce/2005/07/msg00010.html
>
> And the original changelog entry is in version 6.2.5-15
>
> - fixed buffer overrun in pop3 UIDs handling CAN-2005-2335
> http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
> (closes: #212762)
>
> Upstream made a second (better) patch and we applied it on version
> 6.2.5-16 (the changelog entry you quoted).
Sorry, I did not see the earlier entry. I went reverse in history and
saw that entry without a bug number, hence I assumed that you took the
fix directly from upstream without a Debian BTS entry.
Please handle this bug appropriately (I am not sure exactly what the
proper way is using the version tracking).
Thanks for maintaining fetchmail.
Greetings
Helge
--
Dr. Helge Kreutzmann, Dipl.-Phys. Helge.Kreutzmann at itp.uni-hannover.de
gpg signed mail preferred
64bit GNU powered http://www.itp.uni-hannover.de/~kreutzm
Help keep free software "libre": http://www.ffii.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-fetchmail-maint/attachments/20050730/bf156b6d/attachment.pgp
More information about the pkg-fetchmail-maint
mailing list