Hi Jonathan,

On Sunday 25 December 2011 19:50:43, Jonathan Sailor wrote:
> Package: alpine
> Version: 2.00+dfsg-6
> Severity: grave
> Tags: security
> Justification: user security hole
>
> The alpine package does not include a fix for CVE-2008-5514.
>
> Vulnerable: lenny lenny-backports squeeze
> Fixed in upstream: wheezy sid
>
> The patch is available at [1]. Note since that version is written for
> uw-imap, the path to rfc822.c is imap/src/c-client/rfc822.c.

Thanks for reporting this. I've noted this in the security tracker.

We've issued a DSA for this for uw-imap, but for alpine I think the problem is of a different order. A denial of service in server software is different than simply an email client crashing - the latter is more a regular bug than a security issue.

We will not be issuing a DSA for this, but you/the maintainer may choose to fix it in (old)stable through a point update, or leave it at this.

Cheers,
Thijs