On Mon, Nov 14, 2005, Nico Golde wrote:
> What do you think exactly? The changes from 6.2.5.2 fixed
> CVE-2005-2335, Steve Kemp prepared the fixed package.
> But you are right it seems that some things are broken, for
> example the apop support.
I think the changes in 6.2.5.2 included a fix for CVE-2005-2335, and
only this fix should have been uploaded.
Now that sarge2 is already on the tracks, I propose to prepare a sarge3
with everything from sarge1 reverted and fetchmail_CAN-2005-2335.diff
applied instead (along with patch.CVE-2005-3088.fetchmail of course).
Security team, please ack the proposed changes.
Alternatively, we could live with the regression and I could prepare a
stable upload with all fixes from 6.2.5.4.
On Mon, Nov 14, 2005, Nico Golde wrote:
> What do you think exactly? The changes from 6.2.5.2 fixed
> CVE-2005-2335, Steve Kemp prepared the fixed package.
> But you are right it seems that some things are broken, for
> example the apop support.
I think the changes in 6.2.5.2 included a fix for CVE-2005-2335, and
only this fix should have been uploaded.
Now that sarge2 is already on the tracks, I propose to prepare a sarge3 CAN-2005- 2335.diff 2005-3088. fetchmail of course).
with everything from sarge1 reverted and fetchmail_
applied instead (along with patch.CVE-
Security team, please ack the proposed changes.
Alternatively, we could live with the regression and I could prepare a
stable upload with all fixes from 6.2.5.4.
Bye,
--
Loïc Minier <email address hidden>