> Am 18.03.2016 um 18:26 schrieb Michael McConville <mm...@mykolab.com>: > > Our port is probably still vulnerable to CVE-2006-0709: > > https://security-tracker.debian.org/tracker/CVE-2006-0709 > > https://rhn.redhat.com/errata/RHSA-2006-0217.html > > There are two patches included in the Debian tickets and I can't tell > which was applied. They removed the port in 2009, so it's hard to find > out. > > Of course, ideally we'd just remove ours too, but as sthen pointed out > comms/hylafax and mail/exmh2 still depend on it.
I guess Debian has Hylafax as well. So how did they solved the dependency problem?