package mailscanner tags 506353 help upstream confirmed thanks Hello,
Mark Purcell <[EMAIL PROTECTED]> writes: > On Friday 21 November 2008 08:24:46 Raphael Geissert wrote: >> I'm using severity grave as this package should definitely not be shipped >> in any release as is. > > Simon, > > This RC bug was reported almost two weeks ago without any comment from you. > > Are you in a position to investigate and propose a way forward for your > package in lenny? I have looked at the code-segments Raphael pointed out and I'm totally agree with him. In the current state the package should not be part of the lenny release. I'm in no position to fix all this. I'm not familiar enough with the MailScanner sourcecode and I'm not able to test the changes I would have to make, in particular to all the virusscanner scripts. I have put Julian Field (upstream author) in CC to inform him about all this. (@Julian: the full bugreport is here [1]) If he is willing and able to fix the problems in a feature release before lenny is released I will try to backport the fixes to the current package in lenny. Otherwise this package should be removed. I'm also wondering why [2] marks CVE-2008-5140 as fixed for sid+lenny. It claims the bug was fix with 4.57.6-1, but there is no difference between 4.55.10-3 and 4.57.6-1. Sorry for the late reply. -- Regards Simon Walter [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353 [2] http://security-tracker.debian.net/tracker/CVE-2008-5140 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
