On Wed, Sep 05, 2007 at 05:03:25PM -0000, Adna rim wrote: > So what alternative we have here? Letting a version in the repos which > you are totally aware that it is vulnerable and my lead to arbitrary > code execution or spending 5min just to take the updated version of > 2.4.5.
Agreed; it is a lot of work. That's what makes an upstream easy to work with or not for doing security updates. You can also check into SRU[1] but that requires minimal changes too. Perhaps backports[2], once it is fixed in Gutsy? [1] https://wiki.ubuntu.com/StableReleaseUpdates [2] https://wiki.ubuntu.com/BackportRequestProcess -- Sylpheed POP3 Format String Vulnerability https://bugs.launchpad.net/bugs/136302 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
