Helge Kreutzmann wrote, On 29/07/05 13:30:
> Hello Lucas,
> On Thu, Jul 28, 2005 at 04:13:50PM -0300, Lucas Wall wrote:
>
>>Helge Kreutzmann wrote, On 28/07/05 15:43:
>>
>>>Package: fetchmail
>>>Version: N/A; reported 2005-07-28
>>>Severity: grave
>>>Tags: security
>>>Justification: user security hole
>>>
>>>Hello,
>>>I see that you close CAN-2005-2335 in 6.2.5-16 in unstable, but I
>>>could not find a bug report for tracking sarge and woody. Please close
>>>this bug when both are dealt with.
>>
>>Isn't the new package version feature in the BTS useful for these kind
>>of things?
>
>
> Well, I don't think so. I read in your changelog:
>   - new upstream patch because of security issue CAN-2005-2335
>
> There is no mention of a bug in the BTS here (no closes#). The machine
> I reported from is a woody without fetchmail. But I think you can add
> the proper version in retrospect as well?

I was talking about this:
http://lists.debian.org/debian-devel-announce/2005/07/msg00010.html

And the original changelog entry is in version 6.2.5-15

  - fixed buffer overrun in pop3 UIDs handling CAN-2005-2335
    http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt (closes: #212762)

Upstream made a second (better) patch and we applied it on version
6.2.5-16 (the changelog entry you quoted).

K.

--
Lucas Wall <[EMAIL PROTECTED]>      .''`.
Buenos Aires, Argentina            : :ø :   Debian GNU/Linux
http://www.kadath.com.ar           `. `'    http://www.debian.org
PGP: 1024D/84FB46D6                  `-
     5D25 528A 83AB 489B 356A               http://people.debian.org/~lwall
     4087 BC9B 4733 84FB 46D6               mailto:[EMAIL PROTECTED]