[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: mailscanner stable update for CVE-2008-5312 CVE-2008-5313


> the following CVE (Common Vulnerabilities & Exposures) id was
> published for mailscanner some time ago.
> CVE-2008-5312[0]:
> CVE-2008-5313[1]:
> Unfortunately the vulnerability described above is not important enough
> to get it fixed via regular security update in Debian stable. It does
> not warrant a DSA.
> However it would be nice if this could get fixed via a regular point
> update[2].
> Please contact the release team for this.
> For further information:
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5312
> [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5313
> [2] http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable

Mailscanner has been removed from lenny because of this. See [0].
The bug is fixed in testing and unstable.

Current plans are to put MailScanner into backports.

I don't think there is any point fixing[0] in oldstable. Backporting
upstreams-fix to such an old version would involve a great deal of changes
without getting it secure, because a email-spam/virus-scanner is very


[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353

Reply to: