[pkg-kolab] Security update of kolab-cyrus-imapd

Nico Golde nico at ngolde.de
Mon Jun 6 18:13:50 UTC 2011


Hi,
* Ond??ej Surý <ondrej at sury.org> [2011-06-06 19:31]:
> same as cyrus-imapd-2.* STARTTLS vulnerability.
> 
> Diffstats:
> $ cat kolab-cyrus-imapd_2.2.13-5+lenny3.diffstat
>  debian/patches/87-STARTTLS_vulnerability_fix.patch                |  111
>  kolab-cyrus-imapd-2.2.13/debian/changelog                         |    7
>  kolab-cyrus-imapd-2.2.13/debian/patches/00list                    |    1
>  kolab-cyrus-imapd-2.2.13/debian/patches/99-update-autoconf.dpatch
> |11890 +++++-----
>  4 files changed, 6101 insertions(+), 5908 deletions(-)
> 
> $ cat kolab-cyrus-imapd_2.2.13-9.1.diffstat
>  debian/patches/87-STARTTLS_vulnerability_fix.patch |  111 +++++++++++++++++++++
>  kolab-cyrus-imapd-2.2.13/debian/changelog          |    7 +
>  kolab-cyrus-imapd-2.2.13/debian/patches/series     |    1
>  3 files changed, 119 insertions(+)
> 
> The changes were copied directly from cyrus-imapd-2.2 package, since
> it's basically the cyrus-imapd-2.2 + kolab patches.

Patch looks good, please upload to security-master.

> Update for debian-sid will be issued shortly, it updates the Berkeley
> DB in same upload, so it needs some testing of the migration script.
> Anyone to volunteer? :)

I think I can not help much except for ensuring that a standard installation + 
upgrade runs smooth. As this is also true for the squeeze version I guess we 
need to wait for some testing here.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-kolab-devel/attachments/20110606/a8a6da1f/attachment-0001.pgp>


More information about the pkg-kolab-devel mailing list