On Sun, Sep 10, 2006 at 08:42:44AM +0200, Andreas Barth wrote:
> > > > I will uploaded an NMU of your package. This was necessary to fix the
> > > > local
> > > > privilege escalation and to make sure that /etc/maildroprc has the right
> > > > owner. Please find the used diff below.
> > >
> > > Umm, but bug #325135 was an issue on August 29, 2005, and it was fixed by
> > > Andres Salomon *on that same day*. The only reason it's not closed is that
> > > none of us noticed that it's still open, AFAICT.
> >
> > Oh, crap, no it's not. Other than uploading 1.5.2-2, Andres later uploaded
> > 1.8.1, and apparently omitted that particular patch. I picked up on that
> > package, and assumed that all is well.
> >
> > I'm uploading a fixed package :/
>
> Thanks. However, if you could do me a favour, please also put the
> CVE-number into the changelog with the next upload - that helps to find
> out security issues.
Oh, sorry about that. I re-instated the 1.5.3-2 changelog entry which
includes it, so I didn't think about the new one. In any case, the
again-vulnerable package was in unstable for just a couple of days and
in testing for one day (and counting...).
--
2. That which causes joy or happiness.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
