Hey guys, thx for the replies. Could you please make a release as fast as possible? I am in the archlinux-CVE-monitoring team and archlinux uses your dev-version. So our mutt package is vulnerable since last year april or something. Would be really nice I could close this CVE. Thx for your help and really good work with mutt.
best regards -------------------------------------------------------------- Christian Rebischke System-Administrator at Institute for Operations Research TU-Clausthal Website : www.nullday.de Twitter : @sh1bumi Jabber : [email protected] PGP : 0x8D8172C8 Fingerprint: A224 6F57 FD0A AC81 3971 EEBE 5EDA 916B 3A2A 7C49 -------------------------------------------------------------- On Mon, Mar 02, 2015 at 06:50:25PM -0600, Derek Martin wrote: > > On Mon, Mar 02, 2015 at 02:29:34PM -0800, Kevin J. McCarthy wrote: > > Christian Rebischke wrote: > > > Hello Guys, > > > Sorry for interrupting your development process. I have one question to > > > the > > > CVE-2014-9116. Its fixed in stable yes. But is it fixed in the development > > > version 1.5.23 too? I can't find any information about this. > > > > It was fixed in our hg repos at commit 0aebf1df4359, but we have not > > had a release with the fix in it yet. > > It does seem that making one would be prudent... Most people run a > dev build, and many people build from source. They would not have the > fix unless they were paying close attention and build from the repo. > > Was there at least notification of this on the announce list? > > -- > Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 > -=-=-=-=- > This message is posted from an invalid address. Replying to it will result in > undeliverable mail due to spam prevention. Sorry for the inconvenience. >
pgp0BzCbUSJKj.pgp
Description: PGP signature
