Em Ter 16 Out 2001 19:35, Josip Rodin escreveu: > On Sun, Oct 14, 2001 at 07:12:38PM +0000, Andre Luis Lopes wrote: > It appears that the version 0.75 doesn't have the sanity check at all. This > looks like a serious bug, it can overwrite and lose data that way... > It also makes one chunk not apply, which is normal. What should be done? > > (Please CC: posts to debian-security to me, I'm not on the list) > > [the rest of the original post follows]
Sorry, I'm just reporting a problem I think Potato is still vulnerable. I really didn't wrote the previous patch, I just found it in Amavis documentation and reported the problem. I think you should better ask upstream what should be done in this case. Maybe build a new package using a newer maildrop version for potato ? Is that possible ? I really don't know if some Debian policy will not allow to use a new maildrop version but, as you told, this bug seems to be serious and we should provide a fix for it anyway. -- Andre Luis Lopes andrelop at ig dot com dot br
