Hi Matthias,

On Sat, Aug 28, 2021 at 11:27 AM Matthias Andree <matthias.and...@gmx.de> wrote:
> Just a word of warning, this isn't your pick three git commits with
> trivial fixes - the backport will require proper testing, too, and it
> will require some of the 42 patches since fetchmail 6.4.21 that are NOT
> marked SECURITY - for instance, 74771392 and 616e8c70, and translation
> updates as they are now trickling in, and documentation updates that
> suggest limiting TLS to TLS1.2+, so anything that looks like SSL or TLS
> documentation update.
[...]
> Note that there was a lot of drive-by bugfixing that also warrants
> updating independent of the CVE.

You are kind of a mind reader. There are several important commits to
backport and I'm not sure it is worth testing if all backported ones
are in place and properly fix all security issues.
I think it's much better to make a full package update. I.e., put 6.4.22
to Bullseye instead of the 6.4.16 version. For the first look, I
didn't see any change that might be unintended for a stable update.

Thanks for your follow-up!
Laszlo/GCS