Comment 5 for bug 905252

Thanks for the debdiffs! Your changelog entry and patch name references 'CVE-2011-041'. This is an invalid CVE identifier. From what I can tell from the history in the Debian squeeze package, you meant to reference CVE-2011-0411. Can you confirm this? If so, the debdiffs should be updated to not call this issue by that CVE name, since it is for postfix. Instead, say it is 'similar to CVE-2011-0411' in the changelog and DEP-3 comments (and rename the patch).

Also, CVE-2010-4652 and CVE-2011-1137 are also open for lucid and maverick (patches are available in the Debian squeeze packaging). Can you update your debdiffs to include the fixes for these issues as well?

Thanks again!