Re: spamassassin security update in Debian jessie LTS

2020-02-03 Thread Noah Meyerhans
On Sat, Feb 01, 2020 at 03:28:09PM +, Mike Gabriel wrote:
> So, I'd like to play the ball back to Noah. Do you think, that applying the
> security patches is sufficient for spamassassin in stretch/buster? Or have
> there been so many other fixes(TM) that justify an upstream backport to
> jessie

Re: spamassassin security update in Debian jessie LTS

2020-02-01 Thread Mike Gabriel
Hi Salvatore, hi Noah, On Sa 01 Feb 2020 14:01:36 CET, Salvatore Bonaccorso wrote: Hi Mike, On Fri, Jan 31, 2020 at 10:01:05PM +, Mike Gabriel wrote: Hi Ola, Noah, On Fr 31 Jan 2020 20:32:01 CET, Ola Lundqvist wrote: > Hi > > Spamassassin (and a few other packages) are handled a littl

Re: spamassassin security update in Debian jessie LTS

2020-02-01 Thread Salvatore Bonaccorso
Hi Mike,

On Fri, Jan 31, 2020 at 10:01:05PM +, Mike Gabriel wrote:
> Hi Ola, Noah,
>
> On Fr 31 Jan 2020 20:32:01 CET, Ola Lundqvist wrote:
>
> > Hi
> >
> > Spamassassin (and a few other packages) are handled a little differently
> > compared to most packages in Debian.
> >
> > I'd advise

Re: spamassassin security update in Debian jessie LTS

2020-01-31 Thread Mike Gabriel
Hi Matus, On Fr 31 Jan 2020 17:16:53 CET, Matus UHLAR - fantomas wrote: On 31.01.20 14:31, Mike Gabriel wrote: Hi Noah, dear LTS contributors, Helo guys, I am about to look into CVE-2020-1930 and CVE-2020-1931 reported against spamassassin. The issues have been fixed in 3.4.4~rc1 FYI

Re: spamassassin security update in Debian jessie LTS

2020-01-31 Thread Mike Gabriel
Hi Ola, Noah, On Fr 31 Jan 2020 20:32:01 CET, Ola Lundqvist wrote: Hi Spamassassin (and a few other packages) are handled a little differently compared to most packages in Debian. I'd advise that we go for the latest release. The only reason I see why we would not, would be if we introduce s

Re: spamassassin security update in Debian jessie LTS

2020-01-31 Thread Ola Lundqvist
Hi Spamassassin (and a few other packages) are handled a little differently compared to most packages in Debian. I'd advise that we go for the latest release. The only reason I see why we would not, would be if we introduce some major backwards compatibility issue. // Ola On Fri, 31 Jan 2020 at

Re: spamassassin security update in Debian jessie LTS

2020-01-31 Thread Noah Meyerhans
On Fri, Jan 31, 2020 at 05:16:53PM +0100, Matus UHLAR - fantomas wrote:
> > and as spamassassin has been upstream version bumped in Debian jessie
> > LTS before, I am asking for your opinion, if you'd rather recommend
> > cherry-picking the fixes (which I haven't been able to identify yet in
> > up

Re: spamassassin security update in Debian jessie LTS

2020-01-31 Thread Matus UHLAR - fantomas
On 31.01.20 14:31, Mike Gabriel wrote: Hi Noah, dear LTS contributors, Helo guys, I am about to look into CVE-2020-1930 and CVE-2020-1931 reported against spamassassin. The issues have been fixed in 3.4.4~rc1 FYI, 3.4.4 was released two days ago... and as spamassassin has been upstream

spamassassin security update in Debian jessie LTS

2020-01-31 Thread Mike Gabriel
Hi Noah, dear LTS contributors, I am about to look into CVE-2020-1930 and CVE-2020-1931 reported against spamassassin. The issues have been fixed in 3.4.4~rc1 and as spamassassin has been upstream version bumped in Debian jessie LTS before, I am asking for your opinion, if you'd rather re