[pkg-horde] imp4 update for CVE-2010-0463 in stable

Adam D. Barratt adam at adam-barratt.org.uk
Sat Jul 10 17:09:50 UTC 2010


Hi,

On Sat, July 10, 2010 17:33, Gregory Colpart wrote:
> On Mon, May 24, 2010 at 12:08:34PM +0200, Giuseppe Iuculano wrote:
>> [...]
>> Unfortunately the vulnerability described above is not important enough
>> to get it fixed via regular security update in Debian stable.
>> It does not warrant a DSA.
>>
>> However it would be nice if this could get fixed via a regular point
>> update[1]. Please contact the release team for this.
>> [...]
>
> I upgrade imp4 package for stable-proposed-updates.
> Here is the diff with actual stable package:
> http://people.debian.org/~reg/imp4_4-2_4-2lenny2.diff

That diff appears to contain two sets of changes.

The first set are for a -lenny1 upload dated August 2009, reverting some
changes made in a previous upload and with stable-security in the
changlog. However, I can't see any sign of that upload on security.d.o and
the changes weren't mentioned in your message.

If the changes for the fix for CVE-2010-0463 are those I suspect then they
should be ok on their own but it's not entirely obvious from the diff.

Regards,

Adam




More information about the pkg-horde-hackers mailing list