[Secure-testing-team] Status of unfixed security issues
Andrew Pollock
apollock at debian.org
Tue Apr 5 22:54:34 UTC 2005
On Tue, Apr 05, 2005 at 06:15:45PM -0400, Joey Hess wrote:
>
> > openwebmail CAN-2005-0445
> > - Fixed upstream and no maintainer reaction since six weeks. Given the fact that
> > another security issue is open for 2.5 months without reaction and 291478
> > describes the security state of the code as rather poor this package should
> > be given up for adoption or removed from sid as well. It's currently not part
> > of Sarge, but there's still about 100 sid users in popcon alone which use the
> > vulnerable version.
>
> You should contact the MIA handling guys for this I think.
>
openwebmail is already orphaned. I'll be making a QA upload once it hits the
14 day mark.
If the attached patch applies, I'll apply it as part of the QA upload.
regards
Andrew
More information about the Secure-testing-team
mailing list