On Mon, Aug 25, 2025 at 05:56:10PM -0700, Soren Stoutner wrote: > On Friday, August 22, 2025 8:48:56 AM Mountain Standard Time Moritz > Mühlenhoff > wrote: > > Thanks for folllowing up. I've used 0.44.2-1 as the fixed version given that > > sqwebmail 3.6.1 was released 2003-10-30 and 0.44.2 was the following release > > uploaded to sid. > > Thank you for doing that. > > How do you propose we deal with CVE-2005-1308, which was a false positive and > was > never actually a security vulnerability in Courier?
Keeping as it is as upstream has commented on https://github.com/svarshavchik/courier/issues/61 with "Still, I'm going to proactively close the books on this topic, in a future release which will take care of this last dangling bit."? Please do understand as well the following: The CVE is for reasons marked "unimportant". So while considered unfixed in the tracker it is completely in another category, because marked unimprtant, with a negligible or non-exploitable vector. Upstream has commented on this issue extensively in above issue. Regards, Salvatore
