[pkg-kolab] Bug#629350: Bug#629350: STARTTLS vulnerability in kolab-cyrus-imapd
Moritz Muehlenhoff
jmm at inutil.org
Wed Jun 8 20:07:30 UTC 2011
On Sun, Jun 05, 2011 at 11:30:03PM +0200, Mathieu Parent wrote:
> 2011/6/5 Ondřej Surý <ondrej at sury.org>:
> > Hi,
> >
> > I have just realized that the same STARTTLS bug affect
> > kolab-cyrus-imapd as well.
> >
> > Ccing Security team, so they can keep track of the security vulnerability.
> >
> > You can find the patch in pkg-cyrus-imapd/cyrus-imapd-2.2 git
> > repository (on alioth) or in cyrus-imapd-2.2 package sources.
> >
> > I would suggest to fix Berkeley DB in one go, since otherwise the bug
> > will prevent building the packager and migration of fixed package to
> > testing.
> >
> > If you don't have a time, please ping me, I'll prepare security
> > uploads and fixes for unstable.
>
> Ping.
>
> Sorry to be that busy those days.
Why is kolab-cyrus-imapd a separate source package? Can we fix it for Wheezy
to be built from a unified source package, i.e. a separate build target which
applies the seven Kolab patches?
Cheers,
Moritz
More information about the pkg-kolab-devel
mailing list