Hi,
* Loic Minier <[EMAIL PROTECTED]> [2005-11-14 20:56]:
>  While preparing a fix for CVE-2005-3088 (#336096), the Debian bugs
>  #323027 and #327893 were brought to my attention.  It seems to me other
>  quality fixes were included in the 6.2.5-12sarge1 version, basically
>  including parts of the upstream "6.2.5.2" stable release and causing
>  new bugs to appear; I believe this is far too many changes for a
>  security upload.

What do you think exactly? The changes from 6.2.5.2 fixed
CVE-2005-2335; Steve Kemp prepared the fixed package.
But you are right, it seems that some things are broken, for
example the APOP support.

>  I attach "fetchmail_6.2.5-12sarge1.diff", the interdiff between
>  6.2.5-12 and 6.2.5-12sarge1, for you to recheck that you want to include it
>  completely.  My understanding is that the patch in
>  "fetchmail_CAN-2005-2335.diff" would have been enough for sarge1.

Yes.

>  Since I'm preparing sarge2, I propose I revert the changes of sarge1,
>  except for "fetchmail_CAN-2005-2335.diff", and fix CVE-2005-3088 with
>  the patch I've already sent you.  I can also prepare a stable upload
>  based on sarge2 with more fixes (possibly all) from the stable upstream
>  release 6.2.5.4.
> 
>  Please let me know rapidly whether this suits you.

[...]
OK with me.
Regards, Nico
-- 
Nico Golde - JAB: [EMAIL PROTECTED] | GPG: 0x73647CFF
http://www.ngolde.de | http://www.muttng.org | http://grml.org
Forget about that mouse with 3/4/5 buttons -
gimme a keyboard with 103/104/105 keys!
