Comment 17 for bug 24758

Nico Golde (nico-ngolde) wrote: Re: Bug#323027: IMPORTANT: fetchmail regression in 6.2.5-12sarge1

Hi,
* Loic Minier <email address hidden> [2005-11-14 20:56]:
> While preparing a fix for CVE-2005-3088 (#336096), the Debian bugs
> #323027 and #327893 were brought to my attention. It seems to me other
> quality fixes were included in the 6.2.5-12sarge1 version, basically
> including parts of the upstream "6.2.5.2" stable release and causing
> new bugs to appear; I believe this is far too many changes for a
> security upload.

What do you think exactly? The changes from 6.2.5.2 fixed
CVE-2005-2335, Steve Kemp prepared the fixed package.
But you are right, it seems that some things are broken, for
example the APOP support.

> I attach "fetchmail_6.2.5-12sarge1.diff", the interdiff between
> 6.2.5-12 and 6.2.5-12sarge1, for you to recheck whether you want to include it
> completely. My understanding is that the patch in
> "fetchmail_CAN-2005-2335.diff" would have been enough for sarge1.

Yes

> Since I'm preparing sarge2, I propose I revert the changes of sarge1,
> except for "fetchmail_CAN-2005-2335.diff", and fix CVE-2005-3088 with
> the patch I've already sent you. I can also prepare a stable upload
> based on sarge2 with more fixes (possibly all) from the stable upstream
> release 6.2.5.4.
>
> Please let me know rapidly whether this suits you.

[...]
Ok with me.
Regards Nico
--
Nico Golde - JAB: <email address hidden> | GPG: 0x73647CFF
http://www.ngolde.de | http://www.muttng.org | http://grml.org
Forget about that mouse with 3/4/5 buttons -
gimme a keyboard with 103/104/105 keys!