Re: Wheezy update of spamassassin?
On 2018-09-25 16:03:45, Antoine Beaupré wrote:
> On 2018-09-19 19:16:32, Noah Meyerhans wrote:
>> On Wed, Sep 19, 2018 at 08:26:28PM +0200, Ola Lundqvist wrote:
>>> The Debian LTS team would like to fix the security issues which are
>>> currently open in the Wheezy version of spamassassin:
>>> https://security-tracker.debian.org/tracker/CVE-2018-11780
>>> https://security-tracker.debian.org/tracker/CVE-2018-11781
>>> https://security-tracker.debian.org/tracker/CVE-2018-15705
>>>
>>> Would you like to take care of this yourself?
>>
>> It's not yet clear how these will even be fixed in stretch, so it may be
>> premature to think about wheezy.
>>
>> At the moment, upstream is advocating strongly for us to move to the
>> newly released 3.4.2 upstream version in our stable branches. We're
>> considering it, in part because upstream isn't providing a discrete set
>> of patches to address the security issues.
>>
>> I will keep you informed (or worst case, you'll learn via
>> debian-security-announce) as to the status of fixes for stable and LTS.
>
> It would make sense to package 3.4.2 everywhere to me, considering it's
> a minor point release. Unfortunately, it seems they bundle quite a bit
> of stuff in their point release... :/
>
> In the meantime, I'll make a note in the LTS process to hold off while
> we figure this out.
>
> In any case, I'd be happy to help with updates to any suite, since it
> will likely be the same across all suites.
Ping! Any update here? Do you want us to help with the jessie or stretch
update?
A.
--
Nothing in life is to be feared, it is only to be understood.
Now is the time to understand more, so that we may fear less.
- Marie Curie
Reply to: