Hello, Olivier Berger a écrit (Wed, Dec 24, 2008 at 09:10:38AM +0100) : > As you may know, the Debian package of sympa is based on a somehow old > version (before 5.4)... so it may or may not be that this new release > fixes some of its security bugs... > > Any more detailed analysis would be much welcome, then.
Further info could be found here (in french, sorry): http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-607/ According to this page, the vulnerabilities only affect the 5.4 branch and indeed http://packages.qa.debian.org/s/sympa.html: Stable 5.2.3-1.2+etch1 Stable Security Updates 5.2.3-1.2+etch1 Testing 5.3.4-6.1 Unstable 5.3.4-6.1 So it appears that neither etch nor lenny is concerned. Feel free to close this bug as the PTS now shows that the latest version available is 5.4.4. Cheers, -- Emmanuel Halbwachs Resp. Réseau/Sécurité Observatoire de Paris-Meudon tel : (+33)1 45 07 75 54 5 Place Jules Janssen fax : (+33)1 45 07 76 13 F 92195 MEUDON CEDEX -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
