On Thursday 25 December 2008 at 21:44 +0100, Emmanuel Halbwachs wrote:
> Hello,
>
> Olivier Berger wrote (Wed, Dec 24, 2008 at 09:10:38AM +0100):
> > As you may know, the Debian package of sympa is based on a somehow old
> > version (before 5.4)... so it may or may not be that this new release
> > fixes some of its security bugs...
> >
> > Any more detailed analysis would be much welcome, then.
>
> Further info could be found here (in French, sorry):
>
> http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-607/
>
> According to this page, the vulnerabilities only affect the 5.4 branch

Well... it's not obvious they checked if earlier releases were indeed not affected :-/ ... so I'd rather check the patches and compare to 5.2.x or 5.3.x code... or ask sympa developers, to make sure.

> and indeed http://packages.qa.debian.org/s/sympa.html:
>
> Stable 5.2.3-1.2+etch1
> Stable Security Updates 5.2.3-1.2+etch1
> Testing 5.3.4-6.1
> Unstable 5.3.4-6.1
>
> So it appears that neither etch nor lenny is concerned.
> Feel free to close this bug as the PTS now shows that the latest
> version available is 5.4.4.
>

IMHO, it would be better to confirm the elements raised above before closing, then. No time to do so ATM, though.

Regards,
--
Olivier BERGER <olivier.ber...@it-sudparis.eu>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC
Research Engineer - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)