In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] writes:
>Hi,
> there are still two critical bugs filed against ecartis, one is 1 year
>old, another is 203 days old. Second one seems to have been closed, and
>then reopened.
> Does this mean ecartis is still vulnerable ( I don't care about first,
> postfix-related too much, but it's still depressing )...?
Both bugs have been fixed in unstable for a long time.
The security team recently fixed the security problems in DSA-467-1, but
forgot to close the associated bug 210444. I am doing so now.
As the current maintainer of the debian ecartis package, I was happy
to see the DSA for the long-standing bugs. I had looked at building
patches, but the information on the ecartis web site was incomplete
and the standard policy is not to allow new releases in stable. The
security team did not consult me before doing the DSA. (They may have
consulted one of the previous maintainers.)
It is possible they may have fixed the other bug at the same time.
--
Blars Blarson [EMAIL PROTECTED]
http://www.blars.org/blars.html
With Microsoft, failure is not an option. It is a standard feature.
