Comment 16 for bug 24758

In , Loïc Minier (lool) wrote : IMPORTANT: fetchmail regression in 6.2.5-12sarge1

        Hi,

 While preparing a fix for CVE-2005-3088 (#336096), the Debian bugs
 #323027 and #327893 were brought to my attention. It seems to me other
 quality fixes were included in the 6.2.5-12sarge1 version, basically
 including parts of the upstream "6.2.5.2" stable release and causing
 new bugs to appear; I believe this is far too many changes for a
 security upload.

 I attach "fetchmail_6.2.5-12sarge1.diff", the interdiff between
 6.2.5-12 and 6.2.5-12sarge1, for you to recheck whether you want to include it
 completely. My understanding is that the patch in
 "fetchmail_CAN-2005-2335.diff" would have been enough for sarge1.

 Since I'm preparing sarge2, I propose I revert the changes of sarge1,
 except for "fetchmail_CAN-2005-2335.diff", and fix CVE-2005-3088 with
 the patch I've already sent you. I can also prepare a stable upload
 based on sarge2 with more fixes (possibly all) from the stable upstream
 release 6.2.5.4.

 Please let me know rapidly whether this suits you.

   Cheers,
--
Loïc Minier <email address hidden>
"What do we want? BRAINS! When do we want it? BRAINS!"