Hi Marco,
Or does it mean that a security release should be made for previous
versions still maintained by the Debian project?
It should be, yes. (At least, if you think that it should be fixed.)
I do not believe taking time to fix it on older versions of INN is
worthwhile. Not much harm can be done in NNTP when this security hole
is exploited. Usually, authentication and/or host checks are required
for sensitive newsgroups. (Also note that once a user has been
authenticated, STARTTLS is no longer available.)
If other people think this vulnerability can be harmful, please speak up!
--
Julien ÉLIE
« – Nous parlerons quand l'interprète dormira. [Bong !]
– Il dort. On peut parler. » (Astérix)
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
