On Wed, Jan 04, 2006 at 03:27:48AM -0800, Don Armstrong wrote:
> Attached is the patch for the NMU that I am preparing; I will upload
> it to a delay queue sometime tomorrow (assuming it checks out when
> I've had more sleep.)

Hi, and thanks for the patch.

FWIW, we discussed this package a bit on the Debian Perl list (see the thread at <http://lists.debian.org/debian-perl/2005/12/msg00033.html>), and the consensus was that it should be removed. It's officially unsupported upstream, and the author recommends Email::Filter (currently in NEW) as a replacement. I'm going to file a removal request once libemail-filter-perl gets in.

As for the /tmp vulnerabilities, the one in Mail::Audit::MimeEntity doesn't look quite as serious to me. I looked into it a bit, and although it does fall back to /tmp and follows symlinks, MIME::Parser uses a not quite trivially guessable directory underneath (current time + process ID, IIRC). Naturally, this doesn't mean it shouldn't be fixed.

If you still want to do the NMU, that's fine of course. I guess the sarge version should be patched anyway.

Cheers,
--
Niko Tyni [EMAIL PROTECTED]
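
An added example, not part of the original message and not code from Mail::Audit or MIME::Parser: one way a Perl mail filter can create its scratch directory so that a symlink or a pre-created directory under a shared /tmp is never reused. The `mailfilter-` prefix, the function names and the `msg-<time>-<pid>` name in the demo are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: private scratch directory creation for a mail filter.
# Function names, the template prefix and the demo layout are hypothetical.
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;
use Fcntl qw(:mode);

# Return a reason string if $dir is unsafe to write into, or undef if it is fine.
sub unsafe_reason {
    my ($dir) = @_;
    my @st = lstat($dir)            # lstat: do not follow a symlink at $dir
        or return "cannot lstat: $!";
    my ($mode, $uid) = @st[2, 4];
    return "is a symlink"           if S_ISLNK($mode);
    return "not a directory"        unless S_ISDIR($mode);
    return "owned by uid $uid"      unless $uid == $>;
    return "group/world accessible" if S_IMODE($mode) & 0077;
    return;
}

# Create a fresh 0700 directory with a random name under $base (default: the
# system temp dir). tempdir() creates a new directory; it never reuses one.
sub private_scratch_dir {
    my ($base) = @_;
    $base = File::Spec->tmpdir unless defined $base;
    my $dir = tempdir('mailfilter-XXXXXXXXXX', DIR => $base, CLEANUP => 1);
    if (defined(my $why = unsafe_reason($dir))) {
        die "refusing to use $dir: $why\n";
    }
    return $dir;
}

# Constructed demo inside a private sandbox directory: a symlink sitting at a
# time+PID style name is rejected, the randomly named directory passes.
my $base = tempdir(CLEANUP => 1);
my $predictable = File::Spec->catdir($base, 'msg-' . time() . "-$$");
symlink($base, $predictable) or die "symlink: $!";
printf "%s: %s\n", $predictable, unsafe_reason($predictable) // 'ok';
my $dir = private_scratch_dir($base);
printf "%s: %s\n", $dir, unsafe_reason($dir) // 'ok';
```

The same `unsafe_reason` check can be applied to any directory a filter is about to fall back to, before anything is written into it.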