Re: mailscanner stable update for CVE-2008-5312 CVE-2008-5313
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for mailscanner some time ago.
> Unfortunately the vulnerability described above is not important enough
> to get it fixed via regular security update in Debian stable. It does
> not warrant a DSA.
> However it would be nice if this could get fixed via a regular point
> Please contact the release team for this.
> For further information:
>  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5312
>  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5313
>  http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable
Mailscanner has been removed from lenny because of this. See .
The bug is fixed in testing and unstable.
Current plans are to put MailScanner into backports.
I don't think there is any point fixing in oldstable. Backporting
upstreams-fix to such an old version would involve a great deal of changes
without getting it secure, because a email-spam/virus-scanner is very