Re: Release-critical Bugreport for May 19, 2000

To: debian-devel@lists.debian.org, bugscan@debian.org
Cc: 63730@bugs.debian.org
Subject: Re: Release-critical Bugreport for May 19, 2000
From: Adrian Bunk <bunk@fs.tum.de>
Date: Fri, 19 May 2000 20:47:15 +0200 (CEST)
Message-id: <[🔎] Pine.NEB.4.21.0005192045060.18245-100000@neptun.fachschaften.tu-muenchen.de>
In-reply-to: <20000519051504.A16758@debian.org>

On Fri, 19 May 2000, BugScan reporter wrote:

>...
> Package: qpopper (debian/main)
> Maintainer: Miquel van Smoorenburg <miquels@cistron.nl>
> [REMOVE] at next test cycle, if no fix is available. (RB)
>   63730  [3APA3A@SECURITY.NNOV.RU: unsafe fgets() in qpopper]
>...

This is fixed in qpopper 2.53-4 already in incoming.



Please note that the bug won't be automatically closed after installing
qpopper 2.53-4 because the maintainer used wrong syntax in
debian/changelog:

    * Fix security hole (fixes: #63730). Did not use the patch as supplied
      on bugtraq, but fixed it myself. See debian/fgets1023.patch


cu,
Adrian

-- 
A "No" uttered from deepest conviction is better and greater than a
"Yes" merely uttered to please, or what is worse, to avoid trouble.
                -- Mahatma Ghandi

Reply to:

Prev by Date: Re: Release-critical Bugreport for May 19, 2000
Next by Date: Re: Release-critical Bugreport for May 19, 2000
Previous by thread: Re: Release-critical Bugreport for May 19, 2000
Next by thread: Re: Release-critical Bugreport for May 19, 2000
Index(es):
- Date
- Thread