Re: mailscanner stable update for CVE-2008-5312 CVE-2008-5313

To: debian-release@lists.debian.org
Subject: Re: mailscanner stable update for CVE-2008-5312 CVE-2008-5313
From: simon.walter@hp-factory.de
Date: Tue, 10 Mar 2009 14:04:46 -0000 (UTC)
Message-id: <47981.62.128.6.82.1236693886.squirrel@mail.lksoft.com>
In-reply-to: <20090310133056.GA6503@ngolde.de>
References: <20090310133056.GA6503@ngolde.de>

Hi

> the following CVE (Common Vulnerabilities & Exposures) id was
> published for mailscanner some time ago.
>
> CVE-2008-5312[0]:
> CVE-2008-5313[1]:
>
> Unfortunately the vulnerability described above is not important enough
> to get it fixed via regular security update in Debian stable. It does
> not warrant a DSA.
>
> However it would be nice if this could get fixed via a regular point
> update[2].
> Please contact the release team for this.
>
> For further information:
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5312
> [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5313
> [2] http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable

Mailscanner has been removed from lenny because of this. See [0].
The bug is fixed in testing and unstable.

Current plans are to put MailScanner into backports.

I don't think there is any point fixing[0] in oldstable. Backporting
upstreams-fix to such an old version would involve a great deal of changes
without getting it secure, because a email-spam/virus-scanner is very
volatile.

--
Regards
Simon

[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353

Reply to:

Prev by Date: future proofing linux-2.6 config, disabling deprecated interfaces
Next by Date: please unblock gnupg/1.4.9-4 (udebs)
Previous by thread: future proofing linux-2.6 config, disabling deprecated interfaces
Next by thread: please unblock gnupg/1.4.9-4 (udebs)
Index(es):
- Date
- Thread