All, I discovered a remote crash in all versions of dkim-milter subsequent to 2.6.0 (which is the version currently in lenny). There's a patch to 2.6.0 which fixes this, and a more complete change to the included library resposnible for the failed assertion is shipped in 2.8.1, which I plan to upload as soon as I figure out the best course of action to ensure the fix makes it into lenny.
Because there have been some changes to some of the related IETF drafts as they've solidifed over the past few months, my preference would be to get 2.8.1 into lenny. With that said, I won't misrepresent the changes between the two versions as minor. I've run the latest versions in production successfully, but I'll obviously defer to the release team's judgment on that. My initial contact was with the security team, but they suggested I reach out to the release team instead since the versions in sid and lenny are currently identical. So: how should I proceed? Thanks, -- Mike Markley <m...@markley.org> There are some things worth dying for. - Kirk, "Errand of Mercy", stardate 3201.7 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
