Hi,
* Loic Minier <email address hidden> [2005-11-14 20:56]:
> While preparing a fix for CVE-2005-3088 (#336096), the Debian bugs
> #323027 and #327893 were brought to my attention. It seems to me other
> quality fixes were included in the 6.2.5-12sarge1 version, basically
> including parts of the upstream "6.2.5.2" stable release and causing
> new bugs to appear; I believe this is far too much changes for a
> security upload.
What do you think exactly? The changes from 6.2.5.2 fixed
CVE-2005-2335, Steve Kemp prepared the fixed package.
But you are right it seems that some things are broken, for
example the apop support.
> I attach "fetchmail_6.2.5-12sarge1.diff", the interdiff between
> 6.2.5-12 and 6.2.5-12sarge1, for you to recheck you want to include it
> completely. My understanding is that the patch in
> "fetchmail_CAN-2005-2335.diff" would have been enough for sarge1.
yes
> Since I'm preparing sarge2, I propose I revert the changes of sarge1,
> except for "fetchmail_CAN-2005-2335.diff", and fix CVE-2005-3088 with
> the patch I've already sent you. I can also prepare a stable upload
> based on sarge2 with more fixes (possibly all) from the stable upstream
> release 6.2.5.4.
>
> Please let me know rapidly whether this suits you.
[...]
Ok with me.
Regards Nico
--
Nico Golde - JAB: <email address hidden> | GPG: 0x73647CFF http://www.ngolde.de | http://www.muttng.org | http://grml.org
Forget about that mouse with 3/4/5 buttons -
gimme a keyboard with 103/104/105 keys!
Hi,
* Loic Minier <email address hidden> [2005-11-14 20:56]:
> While preparing a fix for CVE-2005-3088 (#336096), the Debian bugs
> #323027 and #327893 were brought to my attention. It seems to me other
> quality fixes were included in the 6.2.5-12sarge1 version, basically
> including parts of the upstream "6.2.5.2" stable release and causing
> new bugs to appear; I believe this is far too much changes for a
> security upload.
What do you think exactly? The changes from 6.2.5.2 fixed
CVE-2005-2335, Steve Kemp prepared the fixed package.
But you are right it seems that some things are broken, for
example the apop support.
> I attach "fetchmail_ 6.2.5-12sarge1. diff", the interdiff between CAN-2005- 2335.diff" would have been enough for sarge1.
> 6.2.5-12 and 6.2.5-12sarge1, for you to recheck you want to include it
> completely. My understanding is that the patch in
> "fetchmail_
yes
> Since I'm preparing sarge2, I propose I revert the changes of sarge1, CAN-2005- 2335.diff" , and fix CVE-2005-3088 with
> except for "fetchmail_
> the patch I've already sent you. I can also prepare a stable upload
> based on sarge2 with more fixes (possibly all) from the stable upstream
> release 6.2.5.4.
>
> Please let me know rapidly whether this suits you.
[...] www.ngolde. de | http:// www.muttng. org | http:// grml.org
Ok with me.
Regards Nico
--
Nico Golde - JAB: <email address hidden> | GPG: 0x73647CFF
http://
Forget about that mouse with 3/4/5 buttons -
gimme a keyboard with 103/104/105 keys!