#506353 CVE-2008-5312/3: mailscanner might allow local users to overwrite arbitrary files via a symlink attack
Hi,
as you can see here[1] I have got a little security problem with the
package[2] I maintain.
Upstream has fixed the problem quite fast[3] in the last release (4.74.8-1).
I can easily bring this into sid, but what's about lenny?
lenny (testing) 4.68.8-1: all
Is there a chance to get 4.74.8 unblocked? Is it very unwise to even
try so? Do I have to contact security team and work on a fix for
4.68.8?
Any suggestion/hints where to look or whom to talk to?
--
Regards
Simon Walter
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353
[2] http://packages.debian.org/search?keywords=mailscanner
[3] http://mailscanner.info/ChangeLog
Reply to: